Fortinet on Tuesday announced patches for multiple vulnerabilities in its network security and management products, including critical-severity flaws leading to code execution.
The first critical bug is CVE-2023-42789, an out-of-bounds write issue in FortiOS and FortiProxy that could allow attackers to execute code or commands via crafted HTTP requests.
Discovered internally by Fortinet’s product security team, the issue was addressed alongside CVE-2023-42790, a high-severity stack-based buffer overflow vulnerability also leading to code execution.
Both issues impact the FortiOS and FortiProxy captive portal and were addressed with the release of FortiOS versions 7.4.2, 7.2.6, 7.0.13, 6.4.15, and 6.2.16, and FortiProxy versions 7.4.1, 7.2.7, 7.0.13, and 2.0.14.
The second critical-severity flaw is CVE-2023-48788, an SQL injection issue in FortiClientEMS that allows unauthenticated attackers to execute code or commands via crafted requests.
The issue was resolved with the release of FortiClientEMS versions 7.2.3 and 7.0.11.
It should be noted that Fortinet has assessed both CVE-2023-42789 and CVE-2023-48788 as having a CVSS score of 9.3, while the NIST NVD lists both with a CVSS score of 9.8.
On Tuesday, Fortinet also announced patches for several high-severity bugs in its products, including an authorization bypass in FortiOS and FortiProxy (leading to information disclosure), a CSV injection in the log download feature of FortiClientEMS (leading to command execution), and an improper access control in FortiWLM MEA for FortiManager (leading to code execution).
Medium-severity security holes in FortiOS and FortiManager, FortiAnalyzer, FortiAnalyzer-BigData, and FortiPortal were also resolved.
Fortinet makes no mention of any of these vulnerabilities being exploited in the wild, but threat actors are known to have targeted Fortinet flaws for which patches have been released.
Users and administrators are advised to apply the available patches as soon as possible. Additional information on the bugs can be found on Fortinet’s PSIRT advisories page.
Successful exploitation of these issues could allow threat actors to take over vulnerable systems, the US cybersecurity agency CISA warns.
Related: SAP Patches Critical Command Injection Vulnerabilities
Related: ICS Patch Tuesday: Siemens Ruggedcom Devices Impacted by 45 Fortinet Vulnerabilities
Related: Fortinet Warns of New FortiOS Zero-Day
Related: Patch Tuesday: Microsoft Flags Major Bugs in HyperV, Exchange Server
