Fortinet Patches Critical RCE Vulnerability in FortiClientLinux

The critical flaw, tracked as CVE-2023-45590 (CVSS score of 9.4), is described as a code injection issue that could allow an unauthenticated, remote attacker to execute arbitrary code or commands by convincing a user to visit a malicious website.

According to Fortinet’s advisory, the vulnerability impacts FortiClientLinux versions 7.2.0, 7.0.6 through 7.0.10, and 7.0.3 through 7.0.4, and was addressed with the release of versions 7.2.1 and 7.0.11.

Tracked as CVE-2023-41677 and impacting FortiOS and FortiProxy, the first high-severity bug exists because credentials are not sufficiently protected, allowing attackers to obtain the administrator cookie by convincing the administrator to visit a malicious website through the SSL-VPN.

Fortinet also announced patches for three high-severity vulnerabilities in FortiSandbox, which could lead to arbitrary file deletion (CVE-2024-23671) or arbitrary command execution (CVE-2024-21755 and CVE-2024-21756).

Patches for several medium-severity flaws in FortiOS, FortiSandbox, and FortiNAC-F were also released.

Fortinet Patches Critical RCE Vulnerability in FortiClientLinux

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Fortinet Patches Critical RCE Vulnerability in FortiClientLinux

10-Apr-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address