Multiple Fortinet Vulnerabilities Let Attackers Execute Arbitrary Code
Several vulnerabilities were discovered in FortiOS and FortiProxy that involve administrator cookie leakage, arbitrary command execution and sensitive information disclosure.
The vulnerabilities were assigned the identifiers CVE-2023-41677, CVE-2023-48784 and CVE-2024-23662.
Their severity ranges from 5.0 (Medium) to 7.5 (High).
Fortinet has patched all three and published security advisories for them.
Vulnerability Analysis
CVE-2023-41677: Administrator Cookie Leakage In FortiOS And FortiProxy
This vulnerability allows a threat actor to obtain administrator cookies under specific conditions that Fortinet describes as rare.
Under those conditions, the attacker tricks an administrator into visiting a malicious, attacker-controlled website through the SSL-VPN, and the administrator's cookies are leaked to the attacker.
The root cause is insufficient protection of credentials (the session cookie).
The vulnerability carries a severity of 7.5 (High) and affects multiple FortiOS and FortiProxy versions.
CVE-2023-48784: Arbitrary Code Execution In FortiOS
This vulnerability is caused by the use of an externally controlled format string in the FortiOS command-line interface. It allows a threat actor who already holds a local super-admin profile and has CLI access to execute arbitrary code or commands via specially crafted requests. Because super-admin privileges are a prerequisite, the practical impact is that an administrator, or anyone who has obtained administrator credentials, can break out of the restricted CLI and run code on the underlying system.
The vulnerability carries a severity of 6.1 (Medium). Affected products are FortiOS versions from 6.4 through 7.4 (see the table below).
CVE-2024-23662: Sensitive Information Exposure Vulnerability In FortiOS
An unauthenticated threat actor can exploit this vulnerability to obtain sensitive information, such as the software version of an affected FortiOS device, via crafted HTTP requests. Exposed version information is of direct use to an attacker for fingerprinting a device and selecting exploits for the other known vulnerabilities of that exact release.
The vulnerability carries a severity of 5.0 (Medium).
Affected Products And Fixed Versions
CVE | Version | Affected | Solution |
CVE-2023-41677 | FortiOS 7.4 | 7.4.0 through 7.4.1 | Upgrade to 7.4.2 or above |
CVE-2023-41677 | FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
CVE-2023-41677 | FortiOS 7.0 | 7.0.0 through 7.0.12 | Upgrade to 7.0.13 or above |
CVE-2023-41677 | FortiOS 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
CVE-2023-41677 | FortiOS 6.2 | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above |
CVE-2023-41677 | FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |
CVE-2023-41677 | FortiProxy 7.4 | 7.4.0 through 7.4.1 | Upgrade to 7.4.2 or above |
CVE-2023-41677 | FortiProxy 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above |
CVE-2023-41677 | FortiProxy 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
CVE-2023-41677 | FortiProxy 2.0 | 2.0 all versions | Migrate to a fixed release |
CVE-2023-41677 | FortiProxy 1.2 | 1.2 all versions | Migrate to a fixed release |
CVE-2023-41677 | FortiProxy 1.1 | 1.1 all versions | Migrate to a fixed release |
CVE-2023-41677 | FortiProxy 1.0 | 1.0 all versions | Migrate to a fixed release |
CVE-2023-48784 | FortiOS 7.4 | 7.4.0 through 7.4.1 | Upgrade to 7.4.2 or above |
CVE-2023-48784 | FortiOS 7.2 | 7.2.0 through 7.2.7 | Upgrade to 7.2.8 or above |
CVE-2023-48784 | FortiOS 7.0 | 7.0 all versions | Migrate to a fixed release |
CVE-2023-48784 | FortiOS 6.4 | 6.4 all versions | Migrate to a fixed release |
CVE-2024-23662 | FortiOS 7.4 | 7.4.0 through 7.4.1 | Upgrade to 7.4.2 or above |
CVE-2024-23662 | FortiOS 7.2 | 7.2.0 through 7.2.5 | Upgrade to 7.2.6 or above |
CVE-2024-23662 | FortiOS 7.0 | 7.0 all versions | Migrate to a fixed release |
CVE-2024-23662 | FortiOS 6.4 | 6.4 all versions | Migrate to a fixed release |
Users of these products are advised to upgrade to the fixed versions listed above, or to migrate off branches that receive no fix, to prevent threat actors from exploiting these vulnerabilities. Note that the fixed version differs per CVE within the same branch (for example FortiOS 7.2.7 closes CVE-2023-41677 but CVE-2023-48784 requires 7.2.8), so a fleet should be checked against all three ranges rather than against a single "latest" number.
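The following checker is an added example, not Fortinet tooling and not code from the original article. It encodes the affected ranges from the table above and, given a product name and a version string as reported by the device (for example from `get system status`), returns the CVEs that apply and the remediation for each. The data layout, the `parse_version` helper and the sample inventory at the bottom are my own constructions; only the version ranges come from the table.

```python
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]
Branch = Tuple[int, int]
# A branch entry is ("first affected", "last affected", "first fixed"),
# or None when the whole branch is affected and has no fixed release.
Entry = Optional[Tuple[str, str, str]]

MIGRATE = "Migrate to a fixed release"


def parse_version(text: str) -> Version:
    """Normalise '7.2.6', 'v7.2.6' or '7.2.6,build1234' to a 3-tuple; '7.2' pads to (7, 2, 0)."""
    core = text.strip().lstrip("vV")
    for sep in (",", "-", " "):  # drop build numbers and other suffixes
        core = core.split(sep)[0]
    parts = core.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return (nums[0], nums[1], nums[2])


# Ranges transcribed from the advisory table in this article (data only; layout is mine).
ADVISORIES: Dict[str, Dict[str, Dict[Branch, Entry]]] = {
    "CVE-2023-41677": {
        "FortiOS": {
            (7, 4): ("7.4.0", "7.4.1", "7.4.2"), (7, 2): ("7.2.0", "7.2.6", "7.2.7"),
            (7, 0): ("7.0.0", "7.0.12", "7.0.13"), (6, 4): ("6.4.0", "6.4.14", "6.4.15"),
            (6, 2): ("6.2.0", "6.2.15", "6.2.16"), (6, 0): None,
        },
        "FortiProxy": {
            (7, 4): ("7.4.0", "7.4.1", "7.4.2"), (7, 2): ("7.2.0", "7.2.7", "7.2.8"),
            (7, 0): ("7.0.0", "7.0.13", "7.0.14"),
            (2, 0): None, (1, 2): None, (1, 1): None, (1, 0): None,
        },
    },
    "CVE-2023-48784": {
        "FortiOS": {
            (7, 4): ("7.4.0", "7.4.1", "7.4.2"), (7, 2): ("7.2.0", "7.2.7", "7.2.8"),
            (7, 0): None, (6, 4): None,
        },
    },
    "CVE-2024-23662": {
        "FortiOS": {
            (7, 4): ("7.4.0", "7.4.1", "7.4.2"), (7, 2): ("7.2.0", "7.2.5", "7.2.6"),
            (7, 0): None, (6, 4): None,
        },
    },
}


def affected_cves(product: str, version_text: str) -> List[Tuple[str, str]]:
    """Return [(cve, remediation), ...] for one device; empty when nothing in the table applies."""
    version = parse_version(version_text)
    branch = (version[0], version[1])
    hits: List[Tuple[str, str]] = []
    for cve, products in ADVISORIES.items():
        branches = products.get(product, {})
        if branch not in branches:
            continue  # branch not listed for this CVE (e.g. FortiProxy for the FortiOS-only CVEs)
        entry = branches[branch]
        if entry is None:
            hits.append((cve, MIGRATE))  # whole branch affected, no fix within it
            continue
        first, last, fixed = entry
        if parse_version(first) <= version <= parse_version(last):
            hits.append((cve, f"Upgrade to {fixed} or above"))
    return hits


def triage(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[Tuple[str, str]]]:
    """Map hostname -> findings for a list of (hostname, product, version) records."""
    return {host: affected_cves(product, ver) for host, product, ver in inventory}


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = [
        ("fw-edge-01", "FortiOS", "v7.2.6,build1575"),
        ("fw-edge-02", "FortiOS", "7.4.2"),
        ("proxy-01", "FortiProxy", "7.2.7"),
        ("fw-legacy", "FortiOS", "6.0.5"),
    ]
    for host, findings in triage(sample).items():
        status = "; ".join(f"{cve}: {fix}" for cve, fix in findings) or "not affected"
        print(f"{host}: {status}")
```

Feed it the output of your inventory system; the `MIGRATE` result is the one that needs planning rather than a point upgrade, since those branches never receive a fix.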
Source credit : cybersecuritynews.com