Black Arrow Cyber Consulting
0

Blog

Our weekly Cyber Flash Briefing round up of top open source news and ‘Cyber Tip Tuesday’ videos

Black Arrow Cyber Advisory 13 April 2023 – Fortinet Patches Multiple Vulnerabilities, Including Some High Severity

Executive summary

As part of its April 2023 vulnerability advisories update, Fortinet has released patches for one actively exploited vulnerability (CVE-2022-0847) which impacted FortiAuthenticator, FortiProxy and FortiSIEM. The advisory also addressed high severity vulnerabilities in FortiOS, FortiProxy, FortiSOAR, FortiClient, FortiNAC, FortiADC, FortiDDoS, FortiDDoS-F, FortiPresence, Fortiweb, FortiADC, FortiAnalyzer, FortiSandbox, FortiDeceptor, FortiManager, FortiGate and FortiAuthenticator.

Technical Summary

CVE-2022-0847 is an actively exploited Linux kernel privilege escalation vulnerability known as “dirty pipe” which was patched in March last year. Some versions of FortiAuthenticator, FortiProxy and FortiSIEM use a version of the linux kernel which was still vulnerable to this exploit, prior to Fortinet releasing the April updates.

What’s the risk to me or my business?

The vulnerabilities, if exploited, could allow an attacker to escalate privileges, perform command execution, bypass anti brute-force defences, create files and perform man-in-the-middle attacks; all of which can compromise the confidentiality, integrity and availability of data in your organisation.

According to Fortinet, the following products are affected by the actively exploited vulnerability:

FortiAuthenticator version 6.3.0 through 6.3.3 and 6.4.0 through 6.4.1

FortiProxy version 7.0.0 through 7.0.3

FortiSIEM version 6.1.0 through 6.1.2, 6.2.0 through 6.2.1, 6.3.0 through 6.3.3 and 6.4.0

What can I do?

Patches are available for the products affected by the exploited vulnerability and should be applied immediately. Security updates are available for the other vulnerabilities addressed by Fortinet. Further information for each vulnerability can be found in the advisory from Fortinet.

 More information on the Fortinet vulnerabilities can be found here: https://www.fortiguard.com/psirt-monthly-advisory/april-2023-vulnerability-advisories

More information on the actively exploited vulnerability can be found here:

https://www.fortiguard.com/psirt/FG-IR-22-050

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Adminblack arrow, black arrow threat advisory, threat advisory, black arrow threat intelligence, threat intelligence, vulnerabilities, fortinet, actively exploited