Critical Vulnerability in FortiADC

Published on 05 Jan 2023

Updated on 05 Jan 2023

Fortinet has released security updates to address an OS command injection vulnerability (CVE-2022-39947) in FortiADC.

Successful exploitation of the vulnerability may allow an authenticated attacker with access to the web GUI to execute unauthorised code or commands via specifically crafted HTTP requests.

The following product versions are affected by the vulnerability:

  • FortiADC version 7.0.0 through 7.0.1
  • FortiADC version 6.2.0 through 6.2.3
  • FortiADC version 5.4.0 through 5.4.5
  • FortiADC all versions 6.1
  • FortiADC all versions 6.0

Users and administrators of the affected product versions are advised to upgrade to the latest versions immediately. 

More information is available here:

https://www.fortiguard.com/psirt/FG-IR-22-061

https://www.cisa.gov/uscert/ncas/current-activity/2023/01/04/fortinet-releases-security-updates-fortiadc