Fortinet closes some critical security vulnerabilities on March Patch Tuesday. Updates are available for several vulnerable products. Because Fortinet appliances are a popular target for malicious actors on the Internet, IT managers should download and apply updates quickly.
There are several security gaps in FortiOS and FortiProxy. They allow attackers from the network to execute arbitrary code in the captive portal or to inject commands into it using manipulated HTTP requests (CVE-2023-42789, CVE-2023-42790, CVSS 9.3, risk "critical"). In the SSL VPN of FortiOS and FortiProxy, authenticated attackers can gain access to other users' bookmarks by manipulating the URL (CVE-2024-23112, CVSS 7.2, high).
Fortinet: Further critical gaps
In FortiClientEMS, inadequate filtering of certain elements in a SQL command allows attackers to perform a SQL injection attack. Carefully crafted requests allow unauthenticated attackers to execute code or commands without authorization (CVE-2023-48788, CVSS 9.3, critical). In addition, malicious, unauthenticated actors from the network can execute arbitrary commands in FortiClientEMS due to insufficient filtering when processing CSV files in the admin workstation. Such manipulated requests can result in malicious log entries (CVE-2023-47534, CVSS 8.7, high).
In FortiManager, too, unauthenticated attackers from the Internet can inject and execute malicious code or commands using specially prepared requests. This is due to inadequate access control in FortiWLM MEA (CVE-2023-36554, CVSS 7.7, high). FortiWLM MEA is not installed by default and can easily be deactivated as a temporary countermeasure.
The gaps are closed by FortiOS 7.4.2, 7.2.7, 7.0.14, 6.4.15, 6.2.16 as well as FortiProxy 7.4.3, 7.2.9, 7.0.15 and 2.0.14. Versions 7.2.3 and 7.0.11 and newer of FortiClientEMS fix the vulnerabilities. Anyone who still uses the old versions from the development branches 6.4, 6.2 or 6.0 will have to migrate to the newer 7 version to plug the leaks. FortiManager is no longer vulnerable in versions 7.4.1, 7.2.4, 7.0.11 and 6.4.14 or newer.
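The fixed releases listed above are per release branch ("or newer" applies within a branch, and FortiClientEMS 6.x has no fix at all). A small inventory check makes that rule explicit; this is an added example written for this page, not a Fortinet tool. It encodes only the versions named in the article; the inventory entries and hostnames are constructed, and any branch the article does not mention is flagged for a manual look at the vendor advisory rather than treated as safe.

```python
"""Check a Fortinet product inventory against the fixed releases named in the article."""

# Minimum fixed release per product and release branch, as listed in the article.
# Branches not present here are not covered by the article (assumption: treat as
# "check the advisory", never as patched).
FIXED_VERSIONS = {
    "FortiOS": ["7.4.2", "7.2.7", "7.0.14", "6.4.15", "6.2.16"],
    "FortiProxy": ["7.4.3", "7.2.9", "7.0.15", "2.0.14"],
    "FortiClientEMS": ["7.2.3", "7.0.11"],  # 6.x branches must migrate to 7.x
    "FortiManager": ["7.4.1", "7.2.4", "7.0.11", "6.4.14"],
}

PATCHED = "patched"
UPDATE_REQUIRED = "update-required"
BRANCH_NOT_LISTED = "branch-not-listed"


def parse_version(version):
    """Turn 'major.minor.patch' into a tuple of ints; reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected major.minor.patch, got {version!r}")
    return tuple(int(p) for p in parts)


def fixed_patch_by_branch(product):
    """Map (major, minor) -> minimum patch level that contains the fix."""
    if product not in FIXED_VERSIONS:
        raise ValueError(f"unknown product {product!r}")
    table = {}
    for fixed in FIXED_VERSIONS[product]:
        major, minor, patch = parse_version(fixed)
        table[(major, minor)] = patch
    return table


def check_version(product, installed):
    """Classify one installed version against the article's fixed releases."""
    major, minor, patch = parse_version(installed)
    table = fixed_patch_by_branch(product)
    if (major, minor) not in table:
        # The article names no fix for this branch (e.g. FortiClientEMS 6.4):
        # migration to a listed branch, or the vendor advisory, is needed.
        return BRANCH_NOT_LISTED
    return PATCHED if patch >= table[(major, minor)] else UPDATE_REQUIRED


def audit(inventory):
    """Return [(hostname, product, installed, status)] for a list of (hostname, product, version)."""
    return [(host, product, version, check_version(product, version))
            for host, product, version in inventory]


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.4.1"),
    ("fw-edge-02", "FortiOS", "7.2.8"),
    ("proxy-01", "FortiProxy", "2.0.14"),
    ("ems-01", "FortiClientEMS", "6.4.9"),
    ("fmg-01", "FortiManager", "7.0.10"),
]

if __name__ == "__main__":
    for host, product, version, status in audit(SAMPLE_INVENTORY):
        print(f"{host:12} {product:15} {version:8} {status}")
```

Run it against an export of the real inventory; anything reported as `update-required` or `branch-not-listed` should go on the patch list, with the latter checked against Fortinet's own advisory for that product and branch.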
The specific security reports from Fortinet also contain further information, such as how security gaps can be temporarily closed through configuration changes:
In February, Fortinet had already closed security gaps in the SSL VPN of FortiOS. Attackers had already exploited the gaps to inject malicious code.
(dmk)