Fortinet has released updates to fix multiple vulnerabilities in its products. Vulnerabilities were identified in the FortiClient (Linux), FortiClient (Windows), FortiEDR, FortiWAN, FortiWLC. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, information disclosure, security restrictions bypass, privilege escalation, cross-site scripting (XSS) and Denial of service condition on the targeted system.

Fortinet has also released security advisories for remote code execution vulnerabilities (CVE-2022-22965, CVE-2022-22963) in Spring and Denial of service vulnerability in OpenSSL library (CVE-2022-0778) that impact Fortinet products. Full list of impacted Fortinet products and fixed versions can be found in these advisories – FG-IR-22-059, FG-IR-22-072.

More information on vulnerabilities and updates is available in Fortinet security advisories – fortinet.com.