Fortinet has informed customers about 16 vulnerabilities discovered in the company’s products, including six flaws that have been assigned a ‘high’ severity rating.
FortiTester is affected by a high-severity flaw that lets authenticated attackers run commands by passing carefully crafted arguments to existing commands. A flaw in FortiSIEM allows a local attacker with command-line access to perform actions directly on the GlassFish server using a hardcoded password. The remaining serious security holes are cross-site scripting (XSS) bugs, which affect FortiDeceptor, FortiManager, FortiAnalyzer, and FortiADC.
Some of them can be exploited remotely without authentication. FortiOS, FortiTester, FortiSOAR, FortiMail, FortiEDR CollectorWindows, FortiClient for Mac, and FortiADC have all received patches for medium- and low-severity flaws.