Fortinet has released security updates to patch multiple high-severity vulnerabilities affecting its FortiADC application delivery controller and FortiOS cybersecurity operating system.
The vulnerabilities can allow unauthenticated remote attackers to execute arbitrary code, bypass authentication, or cause a denial-of-service (DoS) condition.
One of the critical flaws tracked as CVE-2021-32589 is a command injection vulnerability in FortiADC that can enable remote code execution. Another vulnerability, tracked as CVE-2021-32590, is a path traversal flaw in the SSL VPN portal of FortiOS that can allow unauthorized attackers to read arbitrary files.
The company urges its customers to apply the necessary patches as soon as possible to mitigate the risks of exploitation.
Read more at: https://www.securityweek.com/fortinet-patches-high-severity-vulnerabilities-in-fortiadc-fortios/