SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Fortinet Patches Critical RCE Vulnerability in FortiClientLinux

Fortinet has released patches for a dozen vulnerabilities, including a critical-severity remote code execution flaw in FortiClientLinux.
Fortinet patches

Fortinet on Tuesday announced patches for a dozen vulnerabilities in FortiOS and other products, including a critical-severity remote code execution (RCE) bug in FortiClientLinux.

The critical flaw, tracked as CVE-2023-45590 (CVSS score of 9.4), is described as a code injection issue that could allow an unauthenticated, remote attacker to execute arbitrary code or commands by convincing a user to visit a malicious website.

According to Fortinet’s advisory, the vulnerability impacts FortiClientLinux versions 7.2.0, 7.0.6 through 7.0.10, and 7.0.3 through 7.0.4, and was addressed with the release of versions 7.2.1 and 7.0.11.

On Tuesday, Fortinet also released patches for several high-severity vulnerabilities in FortiOS, FortiProxy, FortiClientMac, and FortiSandbox.

Tracked as CVE-2023-41677 and impacting FortiOS and FortiProxy, the first high-severity bug exists because credentials are not sufficiently protected, allowing attackers to obtain the administrator cookie by convincing the administrator to visit a malicious website through the SSL-VPN.

Successful exploitation of the flaw could allow attackers to execute arbitrary code or commands.

Advertisement. Scroll to continue reading.

Next in line are two issues in FortiClientMac, tracked as CVE-2023-45588 and CVE-2024-31492, that could allow a local attacker to execute arbitrary code or commands via malicious configuration files placed in the temporary directory before starting the FortiClientMac installation process.

Fortinet also announced patches for three high-severity vulnerabilities in FortiSandbox, which could lead to arbitrary file deletion (CVE-2024-23671) or arbitrary command execution (CVE-2024-21755 and CVE-2024-21756).

Patches for several medium-severity flaws in FortiOS, FortiSandbox, and FortiNAC-F were also released.

Fortinet makes no mention of any of these vulnerabilities being exploited in attacks. Additional information can be found on the company’s PSIRT advisories page.

Users are advised to update their Fortinet appliances as soon as possible. “A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system,” the US cybersecurity agency CISA warns.

Related: Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks

Related: Fortinet Patches Critical Vulnerabilities Leading to Code Execution

Related: Fortinet Patches High-Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Why Email Security Keeps Failing (And What Has to Change)
July 8, 2026

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

Virtual Event: 2026 Cloud Security Summit
July 16, 2026

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

Philip Martin has joined Uber as Chief Information Security Officer.

More People On The Move

Expert Insights

No Exploits Required

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.