Description:
Fortinet released security advisories to address multiple vulnerabilities in Fortinet systems. An attacker could exploit these vulnerabilities by sending specially crafted requests to an affected system.
Affected Systems:
- FortiClientLinux version 7.0.3 through 7.0.4, 7.0.6 through 7.0.10, 7.2.0
- FortiClientMac version 7.0.6 through 7.0.10, 7.2.0 through 7.2.3
- FortiNAC-F version 7.2.0 through 7.2.4
- FortiOS version 6.0 (all versions), 6.2.0 through 6.2.15, version 6.4 (all versions), version 7.0 (all versions), 7.2.0 through 7.2.7, 7.4.0 through 7.4.1
- FortiProxy version 1.0 (all versions), version 1.1 (all versions), version 1.2 (all versions), version 2.0 (all versions), 7.0.0 through 7.0.13, 7.2.0 through 7.2.7, 7.4.0 through 7.4.1
Impact:
Successful exploitation of the vulnerabilities could lead to remote code execution, elevation of privilege, information disclosure or security restriction bypass of affected system.
Recommendation:
Patches for affected systems are now available. Administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
More Information:
- https://www.fortiguard.com/psirt/FG-IR-23-087
- https://www.fortiguard.com/psirt/FG-IR-23-224
- https://www.fortiguard.com/psirt/FG-IR-23-288
- https://www.fortiguard.com/psirt/FG-IR-23-345
- https://www.fortiguard.com/psirt/FG-IR-23-413
- https://www.fortiguard.com/psirt/FG-IR-23-493
- https://www.hkcert.org/security-bulletin/fortinet-products-multiple-vulnerabilities_20240410
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41677
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45588
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45590
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48784 (to CVE-2023-48785)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23662
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31492