Fortinet Products Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, elevation of privilege and security restriction bypass on the targeted system.
[Updated on 2024-03-22]
For CVE-2023-48788, an improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests.
Note: This vulnerability is being exploited in the wild. Hence, the risk level has been raised from Medium Risk to Extremely High Risk.
Impact
- Security Restriction Bypass
- Remote Code Execution
- Elevation of Privilege
System / Technologies affected
For CVE-2023-48788
- FortiClientEMS version 7.0.1 through 7.0.10
- FortiClientEMS version 7.2.0 through 7.2.2
For other CVEs
- FortiClientEMS 6.0 all versions
- FortiClientEMS 6.2 all versions
- FortiClientEMS 6.4 all versions
- FortiClientEMS version 7.0.0 through 7.0.10
- FortiClientEMS version 7.2.0 through 7.2.2
- FortiOS version 6.2.0 through 6.2.15
- FortiOS version 6.4.0 through 6.4.14
- FortiOS version 7.0.0 through 7.0.12
- FortiOS version 7.0.1 through 7.0.13
- FortiOS version 7.2.0 through 7.2.6
- FortiOS version 7.4.0 through 7.4.1
- FortiProxy version 2.0.0 through 2.0.13
- FortiProxy version 7.0.0 through 7.0.14
- FortiProxy version 7.2.0 through 7.2.8
- FortiProxy version 7.4.0 through 7.4.2
Solutions
Before installation of the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
For CVE-2023-48788
For other CVEs
- https://fortiguard.fortinet.com/psirt/FG-IR-23-328
- https://fortiguard.fortinet.com/psirt/FG-IR-24-013
- https://fortiguard.fortinet.com/psirt/FG-IR-23-424
- https://fortiguard.fortinet.com/psirt/FG-IR-23-390
Vulnerability Identifier
Source
Related Link