Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy

February 19, 2023 | Ravie Lakshmanan | Network Security / Firewall


Fortinet has released security updates that address 40 vulnerabilities across its product line-up, including FortiWeb, FortiOS, FortiNAC and FortiProxy.

Of the 40 defects, 2 are rated critical, 15 are rated high, 22 are rated medium, and 1 is rated low.

At the top of the list is a critical bug (CVE-2022-39952, CVSS score: 9.8) in the FortiNAC network access control solution that could lead to the execution of arbitrary code.

“An external control of file name or path vulnerability [CWE-73] in the FortiNAC web server could allow an unauthenticated attacker to perform arbitrary writes to the system,” Fortinet said in an advisory earlier this week.
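The advisory's CWE-73 wording describes a class of bug, not a Fortinet-specific one: an attacker-controlled string decides where the server writes. The following added example (my own illustration, not Fortinet's code and not the FortiNAC bug itself) shows the defective pattern next to a hardened version; `unsafe_save`, `safe_save` and the file-name allow-list are hypothetical names chosen for this demonstration.

```python
"""CWE-73 (external control of file name or path): defective vs. hardened write.

Added example, not Fortinet's code. The write location is derived from an
untrusted name; the hardened variant allow-lists the name and verifies the
resolved path still lands in the upload directory before touching disk.
"""
from pathlib import Path
import re
import tempfile

# Hypothetical allow-list: a single path component, no separators, no leading
# dot (which also blocks "..", ".bashrc"-style names), bounded length.
_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def unsafe_save(base_dir: Path, user_name: str, data: bytes) -> Path:
    """Defective pattern: untrusted input joined into a path with no checks.

    A name such as '../outside.txt' resolves outside base_dir, so the server
    writes wherever the caller points it (the CWE-73 condition)."""
    target = base_dir / user_name
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target


def safe_save(base_dir: Path, user_name: str, data: bytes) -> Path:
    """Hardened version: allow-list the name, then confirm the resolved target
    sits directly under the resolved base directory (resolve() also follows
    symlinks, so a planted link cannot redirect the write)."""
    if not _NAME_RE.fullmatch(user_name):
        raise ValueError(f"rejected file name: {user_name!r}")
    root = base_dir.resolve()
    target = (root / user_name).resolve()
    if target.parent != root:
        raise ValueError(f"path escapes upload directory: {user_name!r}")
    target.write_bytes(data)
    return target


def demo() -> dict:
    """Exercise both variants on constructed inputs inside a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp_path = Path(tmp).resolve()
        uploads = tmp_path / "uploads"
        uploads.mkdir()
        results = {}

        # Constructed traversal name: the defective function writes a sibling
        # of uploads/ instead of a file inside it.
        escaped = unsafe_save(uploads, "../outside.txt", b"x")
        results["unsafe_escaped"] = escaped.resolve().parent == tmp_path

        # The hardened function refuses the same name outright.
        try:
            safe_save(uploads, "../outside.txt", b"x")
            results["safe_rejected"] = False
        except ValueError:
            results["safe_rejected"] = True

        # And still accepts a legitimate name, writing only inside uploads/.
        ok = safe_save(uploads, "report.txt", b"hello")
        results["safe_wrote"] = (ok.read_bytes() == b"hello"
                                 and ok.parent == uploads.resolve())
        return results


if __name__ == "__main__":
    print(demo())
```

The check that matters is the comparison after `resolve()`, not the regular expression alone: the allow-list is a first filter, but the resolved-path comparison is what guarantees the write cannot leave the intended directory even if the filter is later relaxed.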

Products affected by this vulnerability are:

  • FortiNAC version 9.4.0
  • FortiNAC versions 9.2.0 through 9.2.5
  • FortiNAC versions 9.1.0 through 9.1.7
  • FortiNAC 8.8 all versions
  • FortiNAC 8.7 all versions
  • FortiNAC 8.6 all versions
  • FortiNAC 8.5 all versions, and
  • FortiNAC 8.3 all versions

Patches have been released in FortiNAC versions 7.2.0 and 9.1.8. Penetration testing company Horizon3.ai said it plans to release proof-of-concept (PoC) code for this flaw “soon,” so it is imperative that users apply the update quickly.

The second flaw of note is a set of stack-based buffer overflows in FortiWeb’s proxy daemon (CVE-2021-42756, CVSS score: 9.3) that could allow an unauthenticated remote attacker to execute arbitrary code via specially crafted HTTP requests.

CVE-2021-42756 affects the following versions of FortiWeb; fixes are available in FortiWeb 6.0.8, 6.1.3, 6.2.7, 6.3.17 and 7.0.0:

  • FortiWeb 6.4 all versions
  • FortiWeb 6.3.16 and below
  • FortiWeb 6.2.6 and below
  • FortiWeb 6.1.2 and below
  • FortiWeb 6.0.7 and below, and
  • FortiWeb 5.x all versions
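The two affected-version lists above are the practical input for a defender: which deployed builds of FortiNAC and FortiWeb still need the update. The following added example (not code from Fortinet or from the article) encodes those ranges as transcribed from the lists and checks an inventory against them; the inventory entries, host names and the `is_affected`/`triage` helper names are constructed for the demonstration.

```python
"""Affected-version triage for CVE-2022-39952 (FortiNAC) and CVE-2021-42756
(FortiWeb). Added example; ranges transcribed from the article's two lists,
inventory data below is constructed sample data."""


def parse_version(s):
    """'9.2.5' -> (9, 2, 5). A trailing build tag such as '6.3.16-b1' is ignored."""
    core = s.strip().split("-")[0]
    return tuple(int(p) for p in core.split("."))


# One rule per list item: (branch prefix, lowest affected, highest affected).
# None for a bound means unbounded on that side; None on both means the whole
# branch ("all versions").
AFFECTED = {
    "FortiNAC": [
        ((9, 4), (9, 4, 0), (9, 4, 0)),   # FortiNAC version 9.4.0
        ((9, 2), (9, 2, 0), (9, 2, 5)),   # 9.2.0 through 9.2.5
        ((9, 1), (9, 1, 0), (9, 1, 7)),   # 9.1.0 through 9.1.7
        ((8, 8), None, None),             # 8.8 all versions
        ((8, 7), None, None),             # 8.7 all versions
        ((8, 6), None, None),             # 8.6 all versions
        ((8, 5), None, None),             # 8.5 all versions
        ((8, 3), None, None),             # 8.3 all versions
    ],
    "FortiWeb": [
        ((6, 4), None, None),             # 6.4 all versions
        ((6, 3), None, (6, 3, 16)),       # 6.3.16 and below
        ((6, 2), None, (6, 2, 6)),        # 6.2.6 and below
        ((6, 1), None, (6, 1, 2)),        # 6.1.2 and below
        ((6, 0), None, (6, 0, 7)),        # 6.0.7 and below
        ((5,), None, None),               # 5.x all versions
    ],
}


def is_affected(product, version_str):
    """True if version_str falls inside any affected rule for the product.

    A version is only compared against rules for its own branch, so 7.2.0 or
    7.0.0 (branches with no listed rule) are reported as not affected."""
    v = parse_version(version_str)
    for prefix, low, high in AFFECTED[product]:
        if v[:len(prefix)] != prefix:
            continue
        if low is not None and v < low:
            continue
        if high is not None and v > high:
            continue
        return True
    return False


def triage(inventory):
    """inventory: iterable of (hostname, product, version). Returns the hosts
    whose build is inside an affected range, in inventory order."""
    return [host for host, product, version in inventory
            if is_affected(product, version)]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("nac-01", "FortiNAC", "9.2.5"),    # affected: top of 9.2.0-9.2.5
    ("nac-02", "FortiNAC", "9.4.1"),    # not affected: above 9.4.0
    ("nac-03", "FortiNAC", "8.8.11"),   # affected: 8.8 all versions
    ("waf-01", "FortiWeb", "6.3.17"),   # not affected: fixed release
    ("waf-02", "FortiWeb", "6.4.2"),    # affected: 6.4 all versions
    ("waf-03", "FortiWeb", "7.0.0"),    # not affected: fixed release
]

if __name__ == "__main__":
    print("needs patching:", triage(SAMPLE_INVENTORY))
```

The branch-prefix match is what keeps "6.3.16 and below" from swallowing every 5.x or 6.0.x build: each rule applies only within its own branch, and a build in a branch with no rule at all (7.x here) is treated as outside the advisory rather than guessed at.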

According to Fortinet, both flaws were discovered internally and reported by its product security team. Interestingly, CVE-2021-42756 appears to have been identified in 2021 but was not publicly disclosed until now.
