Multiple Fortinet Vulnerabilities Let Attackers Execute Arbitrary Code
Multiple vulnerabilities have been discovered in FortiOS and FortiProxy that were related to administrator cookie leakage, arbitrary command execution and sensitive information exposure.
These vulnerabilities have been assigned with CVEs as CVE-2023-41677, CVE-2023-48784 and CVE-2024-23662.
The severity for these vulnerabilities range between 5 (Medium) to 7.5 (High).
However, these vulnerabilities have been patched accordingly by Fortinet and relevant security advisories have been published for addressing these vulnerabilities.
Vulnerability Analysis
CVE-2023-41677: Administrator Cookie Leakage In FortiOS And FortiProxy
This particular vulnerability allows a threat actor to obtain administrator cookies on specific conditions that are probably rare.
Under these conditions, the threat actors can trick the administrator into visiting a malicious attacker-controlled website through SSL-VPN and steal administrator cookies.
This vulnerability exists due to insufficient protection of credentials.
The severity for this vulnerability was given as 7.5 (High) and affects multiple FortiOS and FortiProxy versions.
CVE-2023-48784: Arbitrary Code Execution In FortiOS
This vulnerability exists due to the use of an externally controlled format string in FortiOS command line interface which allows a threat actor with local super-admin profile and CLI access to execute arbitrary code or commands by using specially crafted requests.
The severity for this vulnerability was given as 6.1 (Medium). Products affected by these vulnerabilities include multiple versions of FortiOS greater than 6.4.
CVE-2024-23662: Sensitive Information Exposure Vulnerability In FortiOS
An unauthorized and unauthenticated threat actor can exploit this vulnerability and gather sensitive information such as device versions of affected FortiOS versions by using HTTP requests.
The severity for this vulnerability was given as 5.0 (Medium).
Affected Products And Fixed In Versions
| CVE | Version | Affected | Solution |
| CVE-2023-41677 | FortiOS 7.4FortiOS 7.2FortiOS 7.0FortiOS 6.4FortiOS 6.2FortiOS 6.0FortiProxy 7.4FortiProxy 7.2FortiProxy 7.0FortiProxy 2.0FortiProxy 1.2FortiProxy 1.1FortiProxy 1.0 | 7.4.0 through 7.4.17.2.0 through 7.2.67.0.0 through 7.0.126.4.0 through 6.4.146.2.0 through 6.2.156.0 all versions7.4.0 through 7.4.17.2.0 through 7.2.77.0.0 through 7.0.132.0 all versions1.2 all versions1.1 all versions1.0 all versions | Upgrade to 7.4.2 or aboveUpgrade to 7.2.7 or aboveUpgrade to 7.0.13 or aboveUpgrade to 6.4.15 or aboveUpgrade to 6.2.16 or aboveMigrate to a fixed releaseUpgrade to 7.4.2 or aboveUpgrade to 7.2.8 or aboveUpgrade to 7.0.14 or aboveMigrate to a fixed releaseMigrate to a fixed releaseMigrate to a fixed releaseMigrate to a fixed release |
| CVE-2023-48784 | FortiOS 7.4FortiOS 7.2FortiOS 7.0FortiOS 6.4 | 7.4.0 through 7.4.17.2.0 through 7.2.77.0 all versions6.4 all versions | Upgrade to 7.4.2 or aboveUpgrade to 7.2.8 or aboveMigrate to a fixed releaseMigrate to a fixed release |
| CVE-2024-23662 | FortiOS 7.4FortiOS 7.2FortiOS 7.0FortiOS 6.4 | 7.4.0 through 7.4.17.2.0 through 7.2.57.0 all versions6.4 all versions | Upgrade to 7.4.2 or aboveUpgrade to 7.2.6 or aboveMigrate to a fixed releaseMigrate to a fixed release |
Users of these products are recommended to upgrade to the latest versions to prevent threat actors from exploiting these vulnerabilities.
