Network admins using Fortinet hardware should update their devices for security reasons. Attackers could attack the application delivery controller FortiADC or the network access control FortiNAC, among other things.
The most dangerous ranked vulnerabilities affect FortiOS and FortiProxy (CVE-2023-22640 “hoch“) and FortiADC (CVE-2023-27999 “hoch“). In both cases, an attacker must be authenticated. If this is the case, he could execute his own commands due to insufficient checks. Malicious code could even be executed.
Furthermore, attackers could still access hard-coded access data or hook into connections as a man-in-the-middle due to a weak SSH key exchange algorithm.
Fortinet lists the versions secured against the attacks in its security center.
(of the)
