{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-022.pdf"
    },
    "title": "Critical Authentication Vulnerability in Fortinet Product",
    "serial_number": "2023-022",
    "publish_date": "17-04-2023 13:25:00",
    "description": "On April 11, 2023, Fortinet released an advisory regarding one critical vulnerability in the FortiPresence on-prem infrastructure server. This vulnerability is identified as CVE-2022-41331 (CVSS score of 9.3) and may allow remote unauthenticated attackers to access the Redis and MongoDB instances.\n<br>\nMoreover, Fortinet has also released security updates to address 9 High and 10 Medium severity vulnerabilities in FortiPresence, FortiOS, FortiWeb, and other Fortinet products.\n",
    "url_title": "2023-022",
    "content_markdown": "--- \ntitle: 'Critical Authentication Vulnerability in Fortinet Product'\nversion: '1.0'\nnumber: '2023-022'\noriginal_date: 'April 11, 2023'\ndate: 'April 17, 2023'\n---\n\n_History:_\n\n* _17/04/2023 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn April 11, 2023, Fortinet released an advisory regarding one critical vulnerability in the FortiPresence on-prem infrastructure server. This vulnerability is identified as **CVE-2022-41331** (CVSS score of 9.3) and may allow remote unauthenticated attackers to access the Redis and MongoDB instances [1].\n\nMoreover, Fortinet has also released security updates to address 9 High and 10 Medium severity vulnerabilities in FortiPresence, FortiOS, FortiWeb, and other Fortinet products [1, 2].\n\n# Technical Details\n\nThe Critical severity vulnerability known as `CVE-2022-41331` exists due to missing authorisation checks on access to the Redis and MongoDB instances. A remote unauthenticated attacker can connect to the database instances via crafted authentication requests, which may result in compromise of the affected system [1, 2].\n\n# Affected Products\n\n- FortiPresence 1.2 all versions [1];\n- FortiPresence 1.1 all versions [1];\n- FortiPresence 1.0 all versions [1].\n\n# Recommendations\n\nIt is recommended to upgrade FortiPresence instances to version 2.0.0 or above. In addition, CERT-EU encourages affected constituents to review the April 2023 Vulnerability Advisories of Fortinet and apply the relevant updates.\n\n# References\n\n[1] <https://www.fortiguard.com/psirt/FG-IR-22-355>\n\n[2] <https://digital.nhs.uk/cyber-alerts/2023/cc-4298>\n\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>17/04/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On April 11, 2023, Fortinet released an advisory regarding one critical vulnerability in the FortiPresence on-prem infrastructure server. This vulnerability is identified as <strong>CVE-2022-41331</strong> (CVSS score of 9.3) and may allow remote unauthenticated attackers to access the Redis and MongoDB instances [1].</p><p>Moreover, Fortinet has also released security updates to address 9 High and 10 Medium severity vulnerabilities in FortiPresence, FortiOS, FortiWeb, and other Fortinet products [1, 2].</p><h2 id=\"technical-details\">Technical Details</h2><p>The Critical severity vulnerability known as <code>CVE-2022-41331</code> exists due to missing authorisation checks on access to the Redis and MongoDB instances. A remote unauthenticated attacker can connect to the database instances via crafted authentication requests, which may result in compromise of the affected system [1, 2].</p><h2 id=\"affected-products\">Affected Products</h2><ul><li>FortiPresence 1.2 all versions [1];</li><li>FortiPresence 1.1 all versions [1];</li><li>FortiPresence 1.0 all versions [1].</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to upgrade FortiPresence instances to version 2.0.0 or above. In addition, CERT-EU encourages affected constituents to review the April 2023 Vulnerability Advisories of Fortinet and apply the relevant updates.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.fortiguard.com/psirt/FG-IR-22-355\">https://www.fortiguard.com/psirt/FG-IR-22-355</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://digital.nhs.uk/cyber-alerts/2023/cc-4298\">https://digital.nhs.uk/cyber-alerts/2023/cc-4298</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}