Fortinet Fixes Multiple Path Traversal Vulnerabilities

 

Fortinet has patched a slew of security flaws in many of its endpoint security products. On Tuesday (July 5), the California-based cybersecurity behemoth, which accounts for more than a third of all firewall and unified threat management deployments globally, published a large number of firmware and software upgrades.
Among a quartet of high-severity problems are multiple relative path traversal flaws (CVE-2022-30302) in the administrative interface of FortiDeceptor, which sets up virtual machines that act as honeypots for network intruders.
According to the accompanying Fortinet alert, abusing these may permit a remote and authorised attacker to obtain and delete arbitrary files from the underlying filesystem using carefully crafted web requests. Similarly, path traversal in the named pipe responsible for the FortiESNAC service might allow attackers to escalate privileges in Windows versions of the endpoint security and VPN application FortiClient (CVE-2021-41031).
Meanwhile, the FortiNAC network access control system was vulnerable to an “empty password in configuration file vulnerability” (CVE-2022-26117), which allowed an authorised attacker to access the MySQL databases via the command line interface (CLI).


This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents