Summary: Fortinet has fixed multiple vulnerabilities in its products, including a critical remote code execution issue in FortiClientLinux, which could allow an attacker to execute arbitrary code by tricking a user into visiting a malicious website.
Threat Actor: N/A
Victim: Fortinet | Fortinet
Key Point :
- Fortinet has patched a critical remote code execution vulnerability (CVE-2023-45590) in FortiClientLinux, which could be exploited by an attacker to execute arbitrary code by tricking a user into visiting a specially crafted website.
- The vulnerability affects multiple versions of FortiClientLinux, and users are advised to upgrade to the patched versions (7.2.1 or above for FortiClientLinux 7.2, 7.0.11 or above for FortiClientLinux 7.0).
- The vulnerability was discovered by security researcher CataLpa from Dbappsecurity.
- The US CISA has issued an alert urging Fortinet users to apply the necessary security updates released by the vendor.
Fortinet fixed a dozen vulnerabilities in multiple products, including a critical-severity remote code execution (RCE) issue, tracked as CVE-2023-45590 (CVSS score of 9.4), in FortiClientLinux.
The vulnerability is an Improper Control of Generation of Code (‘Code Injection’) issue that resides in FortiClientLinux. An unauthenticated attacker can trigger the flaw to execute arbitrary code by tricking a FortiClientLinux user into visiting a specially crafted website.
“An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.” reads the advisory published by Fortinet.
Below are the impacted versions and the one released by the company to fix the issue.
| Version | Affected | Solution |
|---|---|---|
| FortiClientLinux 7.2 | 7.2.0 | Upgrade to 7.2.1 or above |
| FortiClientLinux 7.0 | 7.0.6 through 7.0.10 | Upgrade to 7.0.11 or above |
| FortiClientLinux 7.0 | 7.0.3 through 7.0.4 | Upgrade to 7.0.11 or above |
The vulnerability was reported to Fortinet by the security researcher CataLpa from Dbappsecurity.
Fortinet did not reveal if this vulnerability is actively exploited in attacks in the wild.
US CISA published an alert to warn Fortinet users of the security updates released by the vendor to address multiple vulnerabilities in its products, including OS and FortiProxy.
“Fortinet released security updates to address vulnerabilities in multiple products, including OS and FortiProxy. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.” reads the alert that encourages users and administrators to review the following advisories and apply necessary updates:
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Fortinet)
Source: https://securityaffairs.com/161674/security/forticlientlinux-rce.html
“An interesting youtube video that may be related to the article above”