Issued: Thursday, 5 January, 2023 |
Last Revision: Thursday, 5 January, 2023 |
Vendor: |
Product: |
Severity Level: |
Fortinet addressed multiple high-severity vulnerabilities impacting various products. The vulnerabilities may allow attackers to execute arbitrary commands or unauthorized code, perform stored cross-site scripting (XSS), and escalate privileges.
CVE/Vulnerability | Affected Products | Description | CVSSv3 Score | Exploitable |
CVE-2022-39947 | FortiADC version 7.0.0 through 7.0.2; FortiADC version 6.2.0 through 6.2.3; FortiADC version 6.1.0 through 6.1.6; FortiADC version 6.0.0 through 6.0.4; FortiADC version 5.4.0 through 5.4.5 | FortiADC - Command injection in web interface | 8.6 | No |
CVE-2022-35845 | FortiTester version 7.1.0, 7.0 all, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 | FortiTester - Multiple command injection vulnerabilities in GUI and API | 7.6 | No |
CVE-2022-41336 | FortiPortal version 6.0.0 through 6.0.1, 5.3, 5.2, 5.1, 5.0 all versions | FortiPortal - XSS observed on policy column settings | 6.6 | No |
CVE-2022-45857 | FortiManager version 7.0.0 through 7.0.1; FortiManager version 6.4.0 through 6.4.7; FortiManager version 6.2.0 through 6.2.8 | FortiManager - Incorrect user management behavior leads to passwordless admin | 6 | No |
Organizations are encouraged to upgrade affected versions to the latest version.
