{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-036.pdf"
    },
    "title": "Vulnerabilities in Fortinet products",
    "serial_number": "2024-036",
    "publish_date": "11-04-2024 09:01:43",
    "description": "On April 11, 2024, Fortinet released multiple advisories regarding high and critical vulnerabilities affecting FortiOS, FortiProxy, FortiClient Mac and FortiClient Linux. <br>\nIt is recommended to upgrade affected software as soon as possible.<br>\n",
    "url_title": "2024-036",
    "content_markdown": "---\ntitle: 'Vulnerabilities in Fortinet products'\nnumber: '2024-036'\nversion: '1.0'\noriginal_date: 'April 9, 2024'\ndate: 'April 11, 2024'\n---\n\n_History:_\n\n* _11/04/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn April 11, 2024, Fortinet released multiple advisories regarding high and critical vulnerabilities affecting FortiOS, FortiProxy, FortiClient Mac and FortiClient Linux [1].\n\nIt is recommended to upgrade affected software as soon as possible.\n\n# Technical Details\n\nThe vulnerability **CVE-2023-45590** [2], with a CVSS score of 9.4, is due to an improper control of generation of code. It may allow an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.\n\nThe vulnerabilities **CVE-2023-45588** and **CVE-2024-31492** [3], with a CVSS score of 7.8, are due to an external control of file name or path vulnerability. It may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in `/tmp` before starting the installation process.\n\nThe vulnerability **CVE-2023-41677** [4], with a CVSS score of 7.5, is due to an insufficiently protected credential. It may allow an attacker to obtain the administrator cookie in rare and specific conditions, via tricking the administrator into visiting a malicious attacker-controlled website through the SSL-VPN.\n\n# Affected Products\n\nThe following product versions are affected:\n\n**CVE-2023-45590**:\n\n- FortiClientLinux version 7.2.0;\n- FortiClientLinux version 7.0.6 through 7.0.10;\n- FortiClientLinux version 7.0.3 through 7.0.4.\n\n**CVE-2023-45588** and **CVE-2024-31492**:\n\n- FortiClientMac version 7.2.0 through 7.2.3;\n- FortiClientMac version 7.0.6 through 7.0.10.\n\n**CVE-2023-41677**:\n\n- FortiOS version 7.4.0 through 7.4.1;\n- FortiOS version 7.2.0 through 7.2.6;\n- FortiOS version 7.0.0 through 7.0.12;\n- FortiOS version 6.4.0 through 6.4.14;\n- FortiOS version 6.2.0 through 6.2.15;\n- FortiOS 6.0 all versions;\n- FortiProxy version 7.4.0 through 7.4.1;\n- FortiProxy version 7.2.0 through 7.2.7;\n- FortiProxy version 7.0.0 through 7.0.13;\n- FortiProxy 2.0 all versions;\n- FortiProxy 1.2 all versions;\n- FortiProxy 1.1 all versions;\n- FortiProxy 1.0 all versions.\n\n# Recommendations\n\nCERT-EU strongly recommends updating affected software to the latest versions by following the instructions given by the vendor [2,3,4].\n\n# References\n\n[1] <https://www.securityweek.com/fortinet-patches-critical-rce-vulnerability-in-forticlientlinux/>\n\n[2] <https://www.fortiguard.com/psirt/FG-IR-23-087>\n\n[3] <https://www.fortiguard.com/psirt/FG-IR-23-345>\n\n[4] <https://www.fortiguard.com/psirt/FG-IR-23-493>\n\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>11/04/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On April 11, 2024, Fortinet released multiple advisories regarding high and critical vulnerabilities affecting FortiOS, FortiProxy, FortiClient Mac and FortiClient Linux [1].</p><p>It is recommended to upgrade affected software as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2023-45590</strong> [2], with a CVSS score of 9.4, is due to an improper control of generation of code. It may allow an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.</p><p>The vulnerabilities <strong>CVE-2023-45588</strong> and <strong>CVE-2024-31492</strong> [3], with a CVSS score of 7.8, are due to an external control of file name or path vulnerability. It may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in <code>/tmp</code> before starting the installation process.</p><p>The vulnerability <strong>CVE-2023-41677</strong> [4], with a CVSS score of 7.5, is due to an insufficiently protected credential. It may allow an attacker to obtain the administrator cookie in rare and specific conditions, via tricking the administrator into visiting a malicious attacker-controlled website through the SSL-VPN.</p><h2 id=\"affected-products\">Affected Products</h2><p>The following product versions are affected:</p><p><strong>CVE-2023-45590</strong>:</p><ul><li>FortiClientLinux version 7.2.0;</li><li>FortiClientLinux version 7.0.6 through 7.0.10;</li><li>FortiClientLinux version 7.0.3 through 7.0.4.</li></ul><p><strong>CVE-2023-45588</strong> and <strong>CVE-2024-31492</strong>:</p><ul><li>FortiClientMac version 7.2.0 through 7.2.3;</li><li>FortiClientMac version 7.0.6 through 7.0.10.</li></ul><p><strong>CVE-2023-41677</strong>:</p><ul><li>FortiOS version 7.4.0 through 7.4.1;</li><li>FortiOS version 7.2.0 through 7.2.6;</li><li>FortiOS version 7.0.0 through 7.0.12;</li><li>FortiOS version 6.4.0 through 6.4.14;</li><li>FortiOS version 6.2.0 through 6.2.15;</li><li>FortiOS 6.0 all versions;</li><li>FortiProxy version 7.4.0 through 7.4.1;</li><li>FortiProxy version 7.2.0 through 7.2.7;</li><li>FortiProxy version 7.0.0 through 7.0.13;</li><li>FortiProxy 2.0 all versions;</li><li>FortiProxy 1.2 all versions;</li><li>FortiProxy 1.1 all versions;</li><li>FortiProxy 1.0 all versions.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends updating affected software to the latest versions by following the instructions given by the vendor [2,3,4].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.securityweek.com/fortinet-patches-critical-rce-vulnerability-in-forticlientlinux/\">https://www.securityweek.com/fortinet-patches-critical-rce-vulnerability-in-forticlientlinux/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.fortiguard.com/psirt/FG-IR-23-087\">https://www.fortiguard.com/psirt/FG-IR-23-087</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.fortiguard.com/psirt/FG-IR-23-345\">https://www.fortiguard.com/psirt/FG-IR-23-345</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.fortiguard.com/psirt/FG-IR-23-493\">https://www.fortiguard.com/psirt/FG-IR-23-493</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}