Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy

Fortinet has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAC, and FortiProxy, among others.

Two of the 40 flaws are rated Critical, 15 are rated High, 22 are rated Medium, and one is rated Low in severity.

Top of the list is a severe bug residing in the FortiNAC network access control solution (CVE-2022-39952, CVSS score: 9.8) that could lead to arbitrary code execution.

“An external control of file name or path vulnerability [CWE-73] in FortiNAC web server may allow an unauthenticated attacker to perform arbitrary write on the system,” Fortinet said in an advisory earlier this week.

The products impacted by the vulnerability are as follows –

FortiNAC version 9.4.0
FortiNAC version 9.2.0 through 9.2.5
FortiNAC version 9.1.0 through 9.1.7
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
FortiNAC 8.6 all versions
FortiNAC 8.5 all versions, and
FortiNAC 8.3 all versions

Patches have been released in FortiNAC versions 7.2.0, 9.1.8, 9.1.8, and 9.1.8. Penetration testing firm Horizon3.ai said it plans to release a proof-of-concept (PoC) code for the flaw “soon,” making it imperative that users move quickly to apply the updates.

The second flaw of note is a set of stack-based buffer overflow in FortiWeb’s proxy daemon (CVE-2021-42756, CVSS score: 9.3) that could enable an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

CVE-2021-42756 affects the below versions of FortiWeb, with fixes available in versions FortiWeb 6.0.8, 6.1.3, 6.2.7, 6.3.17, and 7.0.0 –

FortiWeb versions 6.4 all versions
FortiWeb versions 6.3.16 and below
FortiWeb versions 6.2.6 and below
FortiWeb versions 6.1.2 and below
FortiWeb versions 6.0.7 and below, and
FortiWeb versions 5.x all versions

Both the flaws were internally discovered and reported by its product security team, Fortinet said. Interestingly, CVE-2021-42756 also appears to have been identified in 2021 but not publicly disclosed until now.

Leave a Comment Cancel Reply

London, GB

1:29 am, Jul 11, 2025

20°C

L: 18° | H: 21°

Feels like 20°C° scattered clouds

Humidity: 75 %

Pressure: 1021 mb

Wind: 6 mph E

Wind Gust: 0 mph

UV Index: 0

Precipitation: 0 mm

Clouds: 49%

Rain Chance: 0%

Visibility: 10 km

Sunrise: 4:56 am

Sunset: 9:15 pm

DailyHourly

Daily ForecastHourly Forecast

Today 10:00 pm

18° | 21°°C 0 mm 0% 8 mph 73 % 1021 mb 0 mm/h

Tomorrow 10:00 pm

19° | 30°°C 0 mm 0% 10 mph 67 % 1019 mb 0 mm/h

Sun Jul 13 10:00 pm

18° | 31°°C 0 mm 0% 7 mph 69 % 1015 mb 0 mm/h

Mon Jul 14 10:00 pm

19° | 28°°C 1 mm 100% 17 mph 86 % 1016 mb 0 mm/h

Tue Jul 15 10:00 pm

15° | 26°°C 0 mm 0% 12 mph 69 % 1022 mb 0 mm/h

Today 4:00 am

17° | 19°°C 0 mm 0% 3 mph 73 % 1021 mb 0 mm/h

Today 7:00 am

20° | 20°°C 0 mm 0% 2 mph 67 % 1021 mb 0 mm/h

Today 10:00 am

27° | 27°°C 0 mm 0% 3 mph 45 % 1021 mb 0 mm/h

Today 1:00 pm

31° | 31°°C 0 mm 0% 4 mph 31 % 1020 mb 0 mm/h

Today 4:00 pm

31° | 31°°C 0 mm 0% 5 mph 26 % 1018 mb 0 mm/h

Today 7:00 pm

30° | 30°°C 0 mm 0% 6 mph 29 % 1017 mb 0 mm/h

Today 10:00 pm

23° | 23°°C 0 mm 0% 8 mph 49 % 1019 mb 0 mm/h

Tomorrow 1:00 am

21° | 21°°C 0 mm 0% 5 mph 56 % 1019 mb 0 mm/h

Name	Price	24H (%)
Bitcoin(BTC)	€98,856.52	3.95%
Ethereum(ETH)	€2,509.18	6.06%
Tether(USDT)	€0.85	-0.02%
XRP(XRP)	€2.15	4.52%
Solana(SOL)	€139.71	3.90%
USDC(USDC)	€0.85	-0.01%
Dogecoin(DOGE)	€0.166253	7.31%
Shiba Inu(SHIB)	€0.000011	6.62%
Pepe(PEPE)	€0.000010	11.49%
Peanut the Squirrel(PNUT)	€0.244196	21.64%

Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy

Share:

Leave a Comment Cancel Reply

Utility link

Useful link

Newsletter

Follow Us