Multiple Fortinet Vulnerabilities Let Attackers Execute Arbitrary Code

Multiple vulnerabilities have been discovered in FortiOS and FortiProxy that were related to administrator cookie leakage, arbitrary command execution and sensitive information exposure.

These vulnerabilities have been assigned with CVEs as CVE-2023-41677, CVE-2023-48784 and CVE-2024-23662.

The severity for these vulnerabilities range between 5 (Medium) to 7.5 (High).

However, these vulnerabilities have been patched accordingly by Fortinet and relevant security advisories have been published for addressing these vulnerabilities

Vulnerability Analysis

This particular vulnerability allows a threat actor to obtain administrator cookies on specific conditions that are probably rare.

Under these conditions, the threat actors can trick the administrator into visiting a malicious attacker-controlled website through SSL-VPN and steal administrator cookies.

This vulnerability exists due to insufficient protection of credentials.

The severity for this vulnerability was given as 7.5 (High) and affects multiple FortiOS and FortiProxy versions.

CVE-2023-48784: Arbitrary Code Execution In FortiOS

This vulnerability exists due to the use of an externally controlled format string in FortiOS command line interface which allows a threat actor with local super-admin profile and CLI access to execute arbitrary code or commands by using specially crafted requests.

The severity for this vulnerability was given as 6.1 (Medium). Products affected by these vulnerabilities include multiple versions of FortiOS greater than 6.4. 

CVE-2024-23662: Sensitive Information Exposure Vulnerability In FortiOS

An unauthorized and unauthenticated threat actor can exploit this vulnerability and gather sensitive information such as device versions of affected FortiOS versions by using HTTP requests.

The severity for this vulnerability was given as 5.0 (Medium). 

Affected Products And Fixed In Versions

CVEVersionAffectedSolution
CVE-2023-41677FortiOS 7.4FortiOS 7.2FortiOS 7.0FortiOS 6.4FortiOS 6.2FortiOS 6.0FortiProxy 7.4FortiProxy 7.2FortiProxy 7.0FortiProxy 2.0FortiProxy 1.2FortiProxy 1.1FortiProxy 1.07.4.0 through 7.4.17.2.0 through 7.2.67.0.0 through 7.0.126.4.0 through 6.4.146.2.0 through 6.2.156.0 all versions7.4.0 through 7.4.17.2.0 through 7.2.77.0.0 through 7.0.132.0 all versions1.2 all versions1.1 all versions1.0 all versionsUpgrade to 7.4.2 or aboveUpgrade to 7.2.7 or aboveUpgrade to 7.0.13 or aboveUpgrade to 6.4.15 or aboveUpgrade to 6.2.16 or aboveMigrate to a fixed releaseUpgrade to 7.4.2 or aboveUpgrade to 7.2.8 or aboveUpgrade to 7.0.14 or aboveMigrate to a fixed releaseMigrate to a fixed releaseMigrate to a fixed releaseMigrate to a fixed release
CVE-2023-48784FortiOS 7.4FortiOS 7.2FortiOS 7.0FortiOS 6.47.4.0 through 7.4.17.2.0 through 7.2.77.0 all versions6.4 all versionsUpgrade to 7.4.2 or aboveUpgrade to 7.2.8 or aboveMigrate to a fixed releaseMigrate to a fixed release
CVE-2024-23662FortiOS 7.4FortiOS 7.2FortiOS 7.0FortiOS 6.47.4.0 through 7.4.17.2.0 through 7.2.57.0 all versions6.4 all versionsUpgrade to 7.4.2 or aboveUpgrade to 7.2.6 or aboveMigrate to a fixed releaseMigrate to a fixed release

Users of these products are recommended to upgrade to the latest versions to prevent threat actors from exploiting these vulnerabilities.

Leave a Comment

Your email address will not be published. Required fields are marked *

*
*