07.08.2022

Fortinet Patches Released

By MCNC Admin
Alert

Date of Notice: 07/08/2022

Action Level - High

Description

MCNC would like to make you aware of multiple Fortinet vulnerabilities for which patches have recently been released. A FortiClient vulnerability could let an attacker gain SYSTEM privileges, and a FortiOS vulnerability could let an attacker execute CLI commands on multiple Fortinet devices. Other Fortinet vulnerabilities have also been patched, so it is strongly recommended that you review your Fortinet environment and update or patch as needed.

Affected Devices

  • FortiClient
    • FortiClientWindows version 7.0.0 through 7.0.2
    • FortiClientWindows version 6.4.0 through 6.4.6
    • FortiClientWindows version 6.2.0 through 6.2.9
  • FortiManager
    • FortiManager version 5.6.0 through 5.6.11
    • FortiManager version 6.0.0 through 6.0.11
    • FortiManager version 6.2.0 through 6.2.9
    • FortiManager version 6.4.0 through 6.4.7
    • FortiManager version 7.0.0 through 7.0.2
  • FortiOS
    • FortiOS version 6.0.0 through 6.0.14
    • FortiOS version 6.2.0 through 6.2.10
    • FortiOS version 6.4.0 through 6.4.8
    • FortiOS version 7.0.0 through 7.0.5
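
As an added example (not part of the MCNC notice or of any Fortinet tooling), the Python script below checks an inventory against the version ranges listed above. The `host,product,version` inventory format and the host names are constructed; versions are compared numerically because a plain string comparison would place 6.2.10 before 6.2.9.

```python
# Affected (first, last) version ranges per product, copied from this notice.
AFFECTED = {
    "FortiClientWindows": [("7.0.0", "7.0.2"), ("6.4.0", "6.4.6"), ("6.2.0", "6.2.9")],
    "FortiManager": [("5.6.0", "5.6.11"), ("6.0.0", "6.0.11"), ("6.2.0", "6.2.9"),
                     ("6.4.0", "6.4.7"), ("7.0.0", "7.0.2")],
    "FortiOS": [("6.0.0", "6.0.14"), ("6.2.0", "6.2.10"), ("6.4.0", "6.4.8"),
                ("7.0.0", "7.0.5")],
}

def parse_version(text):
    """Turn '6.2.10', 'v6.2.10' or '6.2.10,build...' into a comparable int tuple."""
    parts = text.strip().lstrip("vV").split(",")[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, version):
    """True if version lies inside a range this notice lists for product."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED.get(product, []))

def triage(inventory_lines):
    """Classify each 'host,product,version' line; returns a list of 4-tuples."""
    results = []
    for line in filter(str.strip, inventory_lines):  # skip blank lines
        host, product, version = (f.strip() for f in line.split(",", 2))
        if product not in AFFECTED:
            status = "not-covered"  # product is not listed in this notice
        else:
            try:
                status = "affected" if is_affected(product, version) else "outside-listed-ranges"
            except ValueError:
                status = "unparsed"  # review by hand rather than assume safe
        results.append((host, product, version, status))
    return results

# Constructed sample inventory: host names and versions are made up.
SAMPLE = [
    "fw-edge-01,FortiOS,6.2.10",
    "fw-edge-02,FortiOS,v7.0.6",
    "fmg-01,FortiManager,6.0.11",
    "lab-pc-07,FortiClientWindows,6.4.x",
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

A status of `outside-listed-ranges` only means the version is not in the ranges above; confirm the fixed release against the vendor documentation.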

Attack Vector

  • CVE-2021-41031 (FortiClient)
    • Local unprivileged attacker
  • CVE-2021-43072 (FortiOS and other devices)
    • Network, with the ability to access the device via TFTP.

Attack Feasibility

Many of these vulnerabilities are easily exploited, but no exploit is currently known to be available.

Mitigations

  • CVE-2021-41031 (FortiClient)
    • None. Allow only trusted users to access a given device until the patch is applied.
  • CVE-2021-43072 (FortiOS and other devices)
    • Ensure TFTP is blocked at the network level or that network access to the device is appropriately restricted.

Remediations

Update to the versions specified in the vendor documentation below.

Vendor Resources
