-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.5504
            AV Engine - evasion by manipulating MIME attachment
                              2 November 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           AV Engine
                   FortiMail
                   FortiOS
Publisher:         Fortinet
Operating System:  Network Appliance
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-26122
Original Bulletin: https://fortiguard.fortinet.com/psirt/FG-IR-22-074

Comment: CVSS (Max):  4.3 CVE-2022-26122 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
         CVSS Source: Fortinet
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

AV Engine - evasion by manipulating MIME attachment

IR Number    : FG-IR-22-074
Date         : Nov 1, 2022
Severity     : Medium
CVSSv3 Score : 4.3
Impact       : Denial of service
CVE ID       : CVE-2022-26122

Affected Products:

AV Engine: 6.33, 6.253, 6.252, 6.243, 6.157, 6.156, 6.145, 6.144, 6.142,
           6.137, 4.4.54, 2.0.60, 2.0.49, 0.4.23
FortiMail: 7.0.2, 7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1,
           6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2,
           6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3,
           6.0.2, 6.0.12, 6.0.11, 6.0.10, 6.0.1, 6.0.0
FortiOS:   7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9,
           6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.10, 6.4.1,
           6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2,
           6.2.11, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5,
           6.0.4, 6.0.3, 6.0.2, 6.0.15, 6.0.14, 6.0.13, 6.0.12, 6.0.11,
           6.0.10, 6.0.1, 6.0.0

Summary

An insufficient verification of data authenticity vulnerability [CWE-345] in
FortiClient, FortiMail and FortiOS AV engines may allow an attacker to bypass
the AV engine via manipulating MIME attachment with junk and pad characters in
base64.

Affected Products

FortiOS running AV engine version 6.2.168 and below.
FortiOS running AV engine version 6.4.274 and below.
FortiMail running AV engine version 6.2.168 and below.
FortiMail running AV engine version 6.4.274 and below.
FortiClient running AV engine version 6.2.168 and below.
FortiClient running AV engine version 6.4.274 and below.

Solutions

Please upgrade AV engine to version 6.2.169 or above.
Please upgrade AV engine to version 6.4.275 or above.
Please upgrade to FortiMail version 7.2.0 or above.
Please upgrade to FortiMail version 7.0.3 or above.
Please upgrade to FortiMail version 6.4.7 or above.
Please upgrade to FortiOS version 7.0.8 or above.
Please upgrade to FortiOS version 7.2.2 or above.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no responsibility
for consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the information
is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST). On call after hours for member
                emergencies only.
===========================================================================
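The bulletin's Summary describes the weakness class (CWE-345) at the level of a scanner decoding a base64 MIME body differently from the recipient's mail client. The following is an added defender-side illustration, not Fortinet's or AusCERT's code and not a description of the engine's actual decoder: it decodes a body part the lenient way RFC 2045 permits (non-alphabet bytes ignored), compares that with a strict decode, and reports junk bytes and interior padding as anomaly signals a content scanner can act on. The sample bodies are constructed; the "hello attachment" text stands in for any attachment.

```python
import base64
import binascii
import re
from typing import NamedTuple, Optional

# RFC 2045 6.8 tells decoders to ignore bytes outside the base64 alphabet, so a
# mail client may decode a body that a strict scanner rejects or truncates. The
# defensive move: decode as the client will and treat junk/interior '=' as a signal.
_ALPHABET = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_VALUE = {c: i for i, c in enumerate(_ALPHABET)}
_IGNORED = b"=\r\n\t "  # padding and line-folding whitespace are not "junk"

class Report(NamedTuple):
    data: bytes          # what a lenient client would hand to the user
    junk_bytes: int      # bytes outside the alphabet, '=' and whitespace
    interior_pads: int   # '=' characters with alphabet data after them

def lenient_b64decode(body: bytes) -> Report:
    """Decode every alphabet symbol and drop everything else (client-style)."""
    symbols = [c for c in body if c in _VALUE]
    junk = sum(1 for c in body if c not in _VALUE and c not in _IGNORED)
    last = max((i for i, c in enumerate(body) if c in _VALUE), default=-1)
    interior = body[: last + 1].count(b"=")
    out, acc, bits = bytearray(), 0, 0
    for c in symbols:
        acc, bits = (acc << 6) | _VALUE[c], bits + 6
        if bits >= 8:  # emit a full byte, keep the leftover bits
            bits -= 8
            out.append((acc >> bits) & 0xFF)
            acc &= (1 << bits) - 1
    return Report(bytes(out), junk, interior)

def strict_decode(body: bytes) -> Optional[bytes]:
    """Scanner-style strict decode: any byte outside the alphabet aborts."""
    try:
        return base64.b64decode(re.sub(rb"\s+", b"", body), validate=True)
    except (binascii.Error, ValueError):
        return None

def assess(body: bytes) -> dict:
    """Flag a body part whose strict and lenient views disagree."""
    rep = lenient_b64decode(body)
    strict = strict_decode(body)
    suspicious = rep.junk_bytes > 0 or rep.interior_pads > 0 or strict != rep.data
    return {"data": rep.data, "suspicious": suspicious, "strict_ok": strict is not None}

# Constructed samples: the same attachment text, clean and with junk ('#', '*')
# plus an interior '=' inserted.
CLEAN = b"aGVsbG8gYXR0YWNobWVudA==\r\n"
MANGLED = b"aGVs=bG8g\r\n#YXR0YWNo*bWVudA==\r\n"
```

A gateway that only scans the strict decode never sees the bytes the client renders for MANGLED; scanning `assess(body)["data"]` and alerting on `suspicious` closes that gap regardless of the engine in use.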