Reference: Advisory #2023-21
Version: 1.0
Affected software:
FortiNAC 8.3 all versions
FortiNAC 8.4 all versions
FortiNAC 8.5 all versions
FortiNAC 8.6 all versions
FortiNAC 8.7 all versions
FortiNAC 8.8 all versions
FortiNAC 9.1.0 through 9.1.7
FortiNAC 9.2.0 through 9.2.5
FortiNAC 9.4.0
FortiWeb 5.x all versions
FortiWeb 6.0.7 and below
FortiWeb 6.1.2 and below
FortiWeb 6.2.6 and below
FortiWeb 6.3.16 and below
FortiWeb 6.4 all versions
Type: Remote Code Execution (RCE), Stack-based Buffer Overflow
CVE/CVSS:
CVE-2022-39952 (CVSS: 9.8)
CVE-2021-42756 (CVSS: 9.3)
Sources:
https://www.fortiguard.com/psirt/FG-IR-22-300
https://www.fortiguard.com/psirt/FG-IR-21-186
https://nvd.nist.gov/vuln/detail/CVE-2022-39952
https://securityonline.info/fortinet-patches-critical-cve-2022-39952-cve-2021-42756-bugs-in-its-products/
Fortinet has released security updates to address a remote code execution (RCE) vulnerability in the FortiNAC web server and a stack-based buffer overflow vulnerability in FortiWeb. The impact to confidentiality, integrity and availability is high for both.
FortiNAC web server contains a remote code execution (RCE) flaw, CVE‑2022‑39952, that could allow an unauthenticated attacker to execute arbitrary code on the affected system.
Successful exploitation of the stack-based buffer overflow, CVE-2021-42756, in FortiWeb's proxy daemon may allow an unauthenticated remote attacker to achieve arbitrary code execution via specially crafted HTTP requests.
The remote code execution vulnerability in Fortinet FortiNAC webserver affects versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7.
The stack-based buffer overflow, CVE-2021-42756, in the proxy daemon of FortiWeb affects 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, and 6.4 all versions.
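To turn the affected-version lists above into a triage check for an asset inventory, the following is an added example (it is not part of the CCB advisory and not Fortinet tooling). It encodes the FortiNAC ranges stated for CVE-2022-39952 and the FortiWeb ranges stated for CVE-2021-42756, parses version strings as they typically appear in exports (optional "v" prefix, trailing build text), and reports which CVE applies. The inventory entries and the helper names (`parse_version`, `affected_cve`, `triage_inventory`) are the example's own. A version outside the listed ranges is reported as "not listed", which is not a statement that it is fixed: the advisory header also lists FortiNAC 8.3 through 8.8 "all versions", so the vendor advisory remains authoritative for fixed releases.

```python
"""Affected-version triage for CVE-2022-39952 (FortiNAC) and CVE-2021-42756 (FortiWeb).

Added example, not CCB or Fortinet code. The ranges are transcribed from the
advisory text; anything not matched is "not listed", not "fixed".
"""
from __future__ import annotations

import re
from typing import List, Optional, Tuple

Version = Tuple[int, ...]
# (prefix, high): a version is in range when it starts with `prefix` and,
# if `high` is given, its leading components are <= `high` ("x and below").
# `high is None` means every version in that branch ("all versions").
Range = Tuple[Version, Optional[Version]]

# FortiNAC, as stated in the advisory body for CVE-2022-39952.
FORTINAC_AFFECTED: List[Range] = [
    ((9, 4, 0), (9, 4, 0)),   # 9.4.0 only
    ((9, 2), (9, 2, 5)),      # 9.2.0 through 9.2.5
    ((9, 1), (9, 1, 7)),      # 9.1.0 through 9.1.7
    ((8, 8), (8, 8, 11)),     # 8.8.0 through 8.8.11
    ((8, 7), (8, 7, 6)),      # 8.7.0 through 8.7.6
    ((8, 6), (8, 6, 5)),      # 8.6.0 through 8.6.5
    ((8, 5), (8, 5, 4)),      # 8.5.0 through 8.5.4
    ((8, 3, 7), (8, 3, 7)),   # 8.3.7 only
]

# FortiWeb, as stated in the advisory body for CVE-2021-42756.
FORTIWEB_AFFECTED: List[Range] = [
    ((5,), None),             # 5.x all versions
    ((6, 0), (6, 0, 7)),      # 6.0.7 and below
    ((6, 1), (6, 1, 2)),      # 6.1.2 and below
    ((6, 2), (6, 2, 6)),      # 6.2.6 and below
    ((6, 3), (6, 3, 16)),     # 6.3.16 and below
    ((6, 4), None),           # 6.4 all versions
]

PRODUCTS = {
    "FortiNAC": (FORTINAC_AFFECTED, "CVE-2022-39952"),
    "FortiWeb": (FORTIWEB_AFFECTED, "CVE-2021-42756"),
}


def parse_version(text: str) -> Version:
    """Parse '9.2.5', 'v9.2.5' or '6.3.16 build 1234' into an int tuple.

    Only the leading dotted numeric part is used; build suffixes are ignored.
    """
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def affected_cve(product: str, version: str) -> Optional[str]:
    """Return the CVE id that applies to product/version, or None if not listed."""
    if product not in PRODUCTS:
        raise ValueError(f"unknown product: {product!r}")
    ranges, cve = PRODUCTS[product]
    v = parse_version(version)
    for prefix, high in ranges:
        if v[: len(prefix)] != prefix:
            continue
        # Compare only as many components as the bound has, so that a build
        # component (6.3.16.1) does not push "6.3.16 and below" out of range.
        if high is None or v[: len(high)] <= high:
            return cve
    return None


def triage_inventory(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Produce one finding line per (hostname, product, version) entry."""
    lines = []
    for host, product, version in inventory:
        cve = affected_cve(product, version)
        if cve:
            lines.append(f"{host}: {product} {version} AFFECTED ({cve}) - update per vendor advisory")
        else:
            lines.append(f"{host}: {product} {version} not listed - confirm fixed release with vendor")
    return lines


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are illustrative.
    sample = [
        ("nac-01", "FortiNAC", "9.2.5"),
        ("nac-02", "FortiNAC", "v9.2.6 build 0417"),
        ("nac-03", "FortiNAC", "8.3.7"),
        ("waf-01", "FortiWeb", "6.3.16"),
        ("waf-02", "FortiWeb", "6.4.2"),
        ("waf-03", "FortiWeb", "7.0.0"),
    ]
    print("\n".join(triage_inventory(sample)))
```

Feed it the product/version columns of your asset export; entries flagged AFFECTED map directly to the two CVEs in this advisory, while "not listed" entries still need the fixed-release check against FG-IR-22-300 and FG-IR-21-186.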
A complete proof-of-concept (PoC) script for CVE-2022-39952 is publicly available: https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
There are currently no reports of these vulnerabilities being exploited in the wild.
 
The CCB recommends that administrators install the updated versions of FortiNAC and FortiWeb released by the vendor.
At present there is no mitigation advice or workaround for either flaw, so updating the affected products is the only recommended way to address the risk. Given that a public PoC exists for CVE-2022-39952, internet-exposed FortiNAC instances should be prioritised.