Fortinet this week has released security updates to fix vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS.
The first vulnerability is an out-of-bounds write issue, tracked as (CVSS score 9.3), that can be exploited to execute unauthorized code or commands by sending specially crafted HTTP requests to vulnerable devices.
The vulnerability impacts Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13.
The vendor also addressed a high-severity stack-based buffer overflow vulnerability, tracked as CVE-2023-42790 (CVSS score 8.1). An attacker can exploit the vulnerability to execute unauthorized code or commands via specially crafted HTTP requests.
The vulnerability impacts Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13.
Gwendal Guégniaud of the Fortinet Product Security Team discovered both vulnerabilities.
The security vendor also addressed a critical pervasive SQL injection issue, tracked as (CVSS score 9.3), in the DAS component.
“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests,” reads the advisory.
Below are the affected versions and the release that addressed this flaw.
Version | Affected | Solution |
---|---|---|
FortiClientEMS 7.2 | 7.2.0 through 7.2.2 | Upgrade to 7.2.3 or above |
FortiClientEMS 7.0 | 7.0.1 through 7.0.10 | Upgrade to 7.0.11 or above |
The flaw was reported by Thiago Santana from the FortiClientEMS development team and the UK NCSC.
Fortinet is not aware of attacks in the wild exploiting these vulnerabilities.
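As an added example that is not part of this article or of any Fortinet tooling: a small Python check that maps the affected version ranges listed above onto device version strings, so an administrator can triage an inventory export against this advisory. The "FortiGate-60F v7.2.5,build1517,230503 (GA.M)" banner layout is an assumption about CLI status output, and the sample inventory is constructed.

```python
import re
from typing import Dict, List, Tuple

# Affected ranges as listed in the advisory summary above (inclusive bounds).
# A single version such as FortiProxy 7.4.0 is expressed as a one-element range.
AFFECTED: Dict[str, List[Tuple[str, str]]] = {
    "FortiOS": [
        ("7.4.0", "7.4.1"), ("7.2.0", "7.2.5"), ("7.0.0", "7.0.12"),
        ("6.4.0", "6.4.14"), ("6.2.0", "6.2.15"),
    ],
    "FortiProxy": [
        ("7.4.0", "7.4.0"), ("7.2.0", "7.2.6"), ("7.0.0", "7.0.12"),
        ("2.0.0", "2.0.13"),
    ],
    "FortiClientEMS": [("7.2.0", "7.2.2"), ("7.0.1", "7.0.10")],
}

_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract major.minor.patch from a bare version ("7.2.5") or from a
    CLI banner such as "FortiGate-60F v7.2.5,build1517,230503 (GA.M)".
    The banner layout is an assumption about 'get system status' output."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)

def is_affected(product: str, version_text: str) -> bool:
    """True if the version falls inside any affected range for the product.
    Comparison is numeric per component, so 7.2.10 sorts after 7.2.5."""
    try:
        ranges = AFFECTED[product]
    except KeyError:
        raise ValueError(f"unknown product {product!r}") from None
    v = parse_version(version_text)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)

if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = [
        ("fw-edge-1", "FortiOS", "FortiGate-60F v7.2.5,build1517,230503 (GA.M)"),
        ("fw-edge-2", "FortiOS", "7.2.6"),
        ("proxy-1", "FortiProxy", "v7.4.0"),
        ("ems-1", "FortiClientEMS", "7.0.11"),
    ]
    for host, product, banner in sample:
        print(f"{host}: {'AFFECTED' if is_affected(product, banner) else 'not affected'}")
```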