Fortinet Addresses Critical Vulnerability In FortiClientLinux
FortiOS, FortiProxy, FortiClientMac and FortiSandbox also patched
Fortinet has patched a critical remote code execution (RCE) vulnerability in FortiClientLinux, among multiple vulnerabilities across various products.
On Tuesday, Fortinet announced the release of patches for several security bugs affecting FortiOS, FortiProxy, FortiClientMac, FortiSandbox, and most notably, FortiClientLinux.
The critical RCE flaw, identified as CVE-2023-45590 with a CVSS score of 9.4, is a code injection issue.
"An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website," Fortinet said in an advisory.
The vulnerability, attributed to a "dangerous nodejs configuration," affects FortiClientLinux versions 7.2.0, 7.0.6 through 7.0.10, and 7.0.3 through 7.0.4. Fortinet addressed the flaw with the release of FortiClientLinux versions 7.2.1 and 7.0.11.
Users are urged to apply patches promptly to mitigate the risk associated with this vulnerability.
In addition to CVE-2023-45590, the cybersecurity company also disclosed the following high-severity bugs affecting FortiOS, FortiProxy and FortiClientMac:
· FortiOS and FortiProxy vulnerability: According to Fortinet, a high-severity vulnerability, indexed as CVE-2023-41677, results from insufficient protection of credentials in multiple versions of FortiOS and FortiProxy. The company warned that attackers could exploit this bug by convincing an administrator to visit a malicious website via SSL-VPN, potentially allowing them to execute arbitrary code.
· FortiClientMac vulnerabilities: Two vulnerabilities, CVE-2023-45588 and CVE-2024-31492, have been identified that could enable a local attacker to execute arbitrary code. This could be achieved by placing malicious configuration files in the temporary directory prior to initiating the FortiClientMac installation process.
"An external control of file name or path vulnerability [CWE-73] in FortiClientMac's installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process," the advisory by Fortinet states.
· FortiSandbox: Fortinet has also released patches for the following three high-severity vulnerabilities:
• CVE-2024-23671: Could lead to arbitrary file deletion.
• CVE-2024-21755 and CVE-2024-21756: Could result in arbitrary command execution.
There is no current evidence of these flaws being exploited in attacks, according to Fortinet.
However, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued a warning, stating that a threat actor could exploit these vulnerabilities to seize control of an affected system.
Fortinet vulnerabilities have been a frequent target for cyber attackers, with more than a dozen vulnerabilities in Fortinet products currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, including two added in 2024.
Last month, security nonprofit Shadowserver warned that over 133,000 Fortinet appliances were susceptible to a critical CVE-2024-21762 vulnerability, despite it being patched by Fortinet in early February.
With a severity score of 9.6 out of 10, this out-of-bounds write flaw affects the SSL VPN component, potentially enabling attackers to run code or commands through specially crafted HTTP requests.
Last month, Fortinet disclosed another critical-severity vulnerability, CVE-2023-48788, affecting FortiClient Endpoint Management Server (EMS). Experts warned of the likelihood of attackers exploiting this bug, given the availability of proof of concepts and historical targeting of Fortinet devices by threat actors.
In February, Fortinet patched two bugs tracked under the identifiers CVE-2024-23108 and CVE-2024-23109, threatening the security posture of organizations relying on FortiSIEM.
This article originally appeared on our sister site Computing.