FORTINET: January 2023 Vulnerability Advisories

FortiTester - Multiple command injection vulnerabilities in GUI and API
Advisory Summary: Multiple command injection vulnerabilities in FortiTester GUI and API
Affected Products:
  FortiTester version 7.1.0
  FortiTester version 7.0 all versions
  FortiTester version 4.0.0 through 4.2.0
  FortiTester version 2.3.0 through 3.9.1
Fortinet Advisory: https://www.fortiguard.com/psirt/FG-IR-22-274
CVSS Score: 7.6

FortiPortal - XSS observed on policy column settings
Advisory Summary: XSS observed on policy column settings
Affected Products:
  FortiPortal version 6.0.0 through 6.0.11
  FortiPortal 5.3 all versions
  FortiPortal 5.2 all versions
  FortiPortal 5.1 all versions
  FortiPortal 5.0 all versions
Fortinet Advisory: https://www.fortiguard.com/psirt/FG-IR-22-313
CVSS Score: 6.6

FortiWeb - header injection in FortiWeb API
Advisory Summary: HTTP response splitting vulnerability
Affected Products:
  FortiWeb version 7.0.0 through 7.0.2
  FortiWeb version 6.4.0 through 6.4.2
  FortiWeb version 6.3.6 through 6.3.20
Fortinet Advisory: https://www.fortiguard.com/psirt/FG-IR-22-250
CVSS Score: 5.3

FortiManager - Incorrect user management behavior leads to passwordless admin
Advisory Summary: FortiManager VDOM creation may add a passwordless admin account with the super_admin profile on FortiGate.
Affected Products: At least
  FortiManager version 7.0.0 through 7.0.1
  FortiManager version 6.4.0 through 6.4.7
  FortiManager version 6.2.0 through 6.2.9
Fortinet Advisory: https://www.fortiguard.com/psirt/FG-IR-22-371
CVSS Score: 6

FortiADC - command injection in web interface
Advisory Summary: Command injection vulnerability in FortiADC.
Affected Products:
  FortiADC version 7.0.0 through 7.0.2
  FortiADC version 6.2.0 through 6.2.3
  FortiADC version 6.1.0 through 6.1.6
  FortiADC version 6.0.0 through 6.0.4
  FortiADC version 5.4.0 through 5.4.5
Fortinet Advisory: https://www.fortiguard.com/psirt/FG-IR-22-061
CVSS Score: 8.6

https://www.it-connect.fr/wordpress-un-nouveau-malware-exploite-une-vingtaine-de-failles/
