Fortinet Security Update

Published On: January 4, 2023
Categories: Cyber Briefs

In today’s SensCy Cyber Alert, your SensCy team recommends that Fortinet customers patch their appliances to address a vulnerability in multiple versions of FortiADC. The vulnerability is tracked as CVE-2022-39947 and is an OS command injection flaw (improper neutralization of special elements used in an OS command). It could allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests.

Today, Fortinet released a security advisory, FG-IR-22-061, publicly explaining that the vulnerability has been exploited in attacks and that users should update to the versions listed under Solutions below to fix the bug.

Affected Products:

FortiADC version 7.0.0 through 7.0.2
FortiADC version 6.2.0 through 6.2.3
FortiADC version 6.1.0 through 6.1.6
FortiADC version 6.0.0 through 6.0.4
FortiADC version 5.4.0 through 5.4.5

Solutions:

Please upgrade to the upcoming FortiADC 7.0.2.
Please upgrade to the upcoming FortiADC 6.2.4.

Why are zero-day vulnerabilities dangerous?

There are two main reasons. First, cybercriminals can freely exploit these vulnerabilities through malware infections, potentially resulting in data loss for the victims. Second, systems remain vulnerable for as long as the user does not update or install the patch issued by the vendor.
