Fortinet Releases Critical Security Updates to Fix 40 Flaws, Including Critical Vulnerabilities in FortiNAC and FortiWeb
Fortinet has released security updates to fix 40 vulnerabilities in its software, including Critical and High severity flaws. The Critical vulnerability in FortiNAC network access control solution (CVE-2022-39952) could allow an unauthenticated attacker to execute arbitrary code.
The second flaw of note is a stack-based buffer overflow in FortiWeb’s proxy daemon (CVE-2021-42756) that could enable an unauthenticated remote attacker to achieve arbitrary code execution. Users are urged to apply the updates quickly, as a proof-of-concept code for the FortiNAC vulnerability is expected to be released soon.