Several vulnerabilities in FortiOS

Published: 2023-02-17

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2022-42472 CVE-2022-41335
CWE-ID	CWE-113 CWE-22
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	FortiOS Operating systems & Components / Operating system
Vendor	Fortinet, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) HTTP response splitting

EUVDB-ID: #VU72347

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42472

CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Exploit availability: No

Description

The vulnerability allows a remote user to perform HTTP splitting attacks.

The vulnerability exists due to software does not correctly process CRLF character sequences. A remote user can send specially crafted request containing CRLF sequence and inject arbitrary HTTP headers.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FortiOS: 6.0.0 - 7.2.2

External links

http://fortiguard.com/psirt/FG-IR-22-362

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Path traversal

EUVDB-ID: #VU72345

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41335

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')