Fortinet Releases Multiple Security Advisories
The security advisories address two critical, two high, and two medium vulnerabilities impacting FortiOS, FortiClientEMS and FortiProxy
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Fortinet has released security advisories addressing two critical, two high and two medium vulnerabilities affecting FortiOS, FortiClientEMS and FortiProxy.
Exploitation of CVE-2023-48788 and public PoC released
Fortinet has reported that CVE-2023-48788 (Pervasive SQL injection in DAS component of FortiClientEMS) is being exploited in the wild.
Public proof-of-concept code for the vulnerability has been published by security researchers.
Vulnerability details
- CVE-2023-42789 - CWE-787 - Out-of-bounds Write
CVE-2023-42789 is an out-of-bounds write vulnerability in Fortinet FortiOS, with a CVSSv3 score of 9.8, which could allow an attacker to execute unauthorised code or commands via specially crafted HTTP requests.
- CVE-2023-48788 - CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-48788 is an SQL Injection vulnerability, with a CVSSv3 score of 9.3, in FortiClientEMS (Fortinet's endpoint management server) which could allow an unauthenticated attacker to execute unauthorised code or commands via specifically crafted requests.
- CVE-2023-47534 - CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
CVE-2023-47534 is a CSV injection vulnerability, with a CVSSv3 score of 8.7, in FortiClientEMS which could allow an unauthenticated attacker to execute unauthorised code or commands on the admin workstation via specifically crafted requests in a downloaded log file.
- CVE-2023-42790 - CWE-121 - Stack-based Buffer Overflow
CVE-2023-42790 is a stack-based buffer overflow vulnerability in Fortinet FortiOS, with a CVSSv3 score of 8.1, which could allow an attacker to execute unauthorised code or commands via specially crafted HTTP requests.
- CVE-2024-23112 - CWE-639 - Authorization Bypass Through User-Controlled Key
CVE-2024-23112 is an authorisation bypass through user-controlled key vulnerability in FortiOS and FortiProxy SSLVPN, with a CVSSv3 score of 8.0, which could allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation.
- CVE-2023-46717 - CWE-287 - Improper Authentication
CVE-2023-46717 is an improper authentication vulnerability, with a CVSSv3 score of 7.5, in FortiOS (when configured with FortiAuthenticator in HA) which could allow an authenticated attacker with at least read-only permissions to gain read-write access via successive login attempts.
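As an added illustration of the CWE-1236 weakness class behind CVE-2023-47534 (example code written for this page, not Fortinet's code and not the actual FortiClientEMS export logic), the following Python shows a log export that neutralises formula elements before they reach an administrator's spreadsheet, alongside an audit helper that flags cells a spreadsheet would still evaluate; the field names and sample rows are constructed.

```python
import csv
import io

# Leading characters that make spreadsheet applications evaluate a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralise_cell(value: str) -> str:
    """Return the cell escaped so a spreadsheet displays it as literal text.

    CSV quoting alone is not enough: the spreadsheet strips the CSV quotes and
    then interprets the cell, so a leading apostrophe is prepended instead.
    """
    if value.startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def export_log_csv(rows, neutralise=True) -> str:
    """Serialise log records (dicts) to CSV text; neutralise=False is the flawed export."""
    fieldnames = ["timestamp", "hostname", "message"]  # constructed schema
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames, quoting=csv.QUOTE_ALL)
    writer.writeheader()
    for row in rows:
        cells = {k: str(row.get(k, "")) for k in fieldnames}
        if neutralise:
            cells = {k: neutralise_cell(v) for k, v in cells.items()}
        writer.writerow(cells)
    return buf.getvalue()


def find_formula_cells(csv_text: str):
    """Audit helper: list (row, column, value) of cells that would be evaluated as formulas."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if cell.startswith(FORMULA_TRIGGERS):
                hits.append((r, c, cell))
    return hits


# Constructed sample: the hostname is reported by the managed endpoint, so it is
# endpoint-influenced data that ends up in the administrator's downloaded log file.
SAMPLE_ROWS = [
    {"timestamp": "2024-03-18T10:00:00Z", "hostname": "ws-042", "message": "agent check-in"},
    {"timestamp": "2024-03-18T10:01:00Z", "hostname": "=1+1", "message": "agent check-in"},
]

if __name__ == "__main__":
    print(find_formula_cells(export_log_csv(SAMPLE_ROWS, neutralise=False)))  # one flagged cell
    print(find_formula_cells(export_log_csv(SAMPLE_ROWS)))  # []
```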
Threat updates
| Date | Update |
|---|---|
| 22 Mar 2024 | Exploitation of CVE-2023-48788 reported and proof-of-concept code publicly available. |
| 18 Mar 2024 | Added details of CVE-2023-47534 and updated FortiClientEMS versions affected. |
Remediation advice
Affected organisations are encouraged to review the Fortinet Security Advisories listed below and apply the relevant updates.
Remediation steps
| Type | Step |
|---|---|
| Patch | FortiOS & FortiProxy - Out-of-bounds Write in captive portal (Critical), CVE-2023-42789: https://www.fortiguard.com/psirt/FG-IR-23-328 |
| Patch | FortiOS - Improper authentication following read-only user login (Medium), CVE-2023-46717: https://www.fortiguard.com/psirt/FG-IR-23-424 |
| Patch | FortiClientEMS - Pervasive SQL injection in DAS component (Critical), CVE-2023-48788: https://www.fortiguard.com/psirt/FG-IR-24-007 |
| Patch | FortiOS & FortiProxy - Authorization bypass in SSLVPN bookmarks (High), CVE-2024-23112: https://www.fortiguard.com/psirt/FG-IR-24-013 |
| Patch | FortiClientEMS - CSV injection in log download feature (High), CVE-2023-47534: https://www.fortiguard.com/psirt/FG-IR-23-390 |
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 22 March 2024 8:52 am