Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS

Fortinet released security updates to address critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS.

Fortinet this week has released security updates to fix critical code execution vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS.

The first vulnerability is an out-of-bounds write issue, tracked as CVE-2023-42789 (CVSS score 9.3), it can be exploited to execute unauthorized code or commands by sending specially crafted HTTP requests to vulnerable devices.

The vulnerability impacts Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13.

The vendor also addressed a high-severity stack-based buffer overflow vulnerability, tracked as CVE-2023-42790 (CVSS score 8.1). An attacker can exploit the vulnerability to execute unauthorized code or commands via specially crafted HTTP requests.

The vulnerability impacts Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13.

Gwendal Guégniaud of Fortinet Product Security Team discovered both vulnerabilities.

The security vendor also addressed a critical pervasive SQL injection issue, tracked as CVE-2023-48788 (CVSS score 9.3), in the DAS component.

“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests.” reads the advisory.

Below are the affected versions and the release that addressed this flaw.

VersionAffectedSolution
FortiClientEMS 7.27.2.0 through 7.2.2Upgrade to 7.2.3 or above
FortiClientEMS 7.07.0.1 through 7.0.10Upgrade to 7.0.11 or above

The flaw was reported by Thiago Santana from the ForticlientEMS development team and UK NCSC.

Fortinet is not aware of attacks in the wild exploiting these vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Fortinet)

文 » A