Information for
Multiple Vulnerabilities in Fortinet Products
Components Affected
- FortiClientEMS 6.0 all versions
- FortiClientEMS 6.2 all versions
- FortiClientEMS 6.4 all versions
- FortiClientEMS version 7.0.0 through 7.0.10
- FortiClientEMS version 7.2.0 through 7.2.2
- FortiOS version 6.2.0 through 6.2.15
- FortiOS version 6.4.0 through 6.4.14
- FortiOS version 7.0.0 through 7.0.12
- FortiOS version 7.0.1 through 7.0.13
- FortiOS version 7.2.0 through 7.2.6
- FortiOS version 7.4.0 through 7.4.1
- FortiProxy version 2.0.0 through 2.0.13
- FortiProxy version 7.0.0 through 7.0.14
- FortiProxy version 7.2.0 through 7.2.8
- FortiProxy version 7.4.0 through 7.4.2
Overview
Multiple vulnerabilities were identified in Fortinet Products, where a remote attacker could exploit some of these vulnerabilities to trigger remote code execution, elevation of privilege and security restriction bypass on the targeted system.
Description
Multiple vulnerabilities have been discovered in various Fortinet products, posing a significant security risk.
- An improper neutralization of special elements used in SQL Injection vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted requests.
- An improper neutralization of formula elements in a CSV File vulnerability [CWE- 1236] may allow a remote and unauthenticated attacker to execute arbitrary commands on the admin workstation via creating malicious log entries with crafted requests to the server.
- An improper authentication vulnerability [CWE-287] in FortiOS when configured with FortiAuthenticator in HA may allow an authenticated attacker with at least read- only permission to gain read-write access via successive login attempts.
- An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS and FortiProxy SSLVPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation.
- An out-of-bounds write vulnerability [CWE-787] and a Stack-based Buffer Overflow [CWE-121] in FortiOS & FortiProxy captive portal may allow an inside attacker who has access to captive portal to execute arbitrary code or commands via specially crafted HTTP requests.
Impact
- Security Restriction Bypass
- Remote Code Execution
- Elevation of Privilege
Solution/ Workarounds
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
https://fortiguard.fortinet.com/psirt/FG-IR-23-328
https://fortiguard.fortinet.com/psirt/FG-IR-24-013
https://fortiguard.fortinet.com/psirt/FG-IR-23-424
https://fortiguard.fortinet.com/psirt/FG-IR-23-390
https://fortiguard.fortinet.com/psirt/FG-IR-24-007
https://fortiguard.fortinet.com/psirt/FG-IR-24-013
https://fortiguard.fortinet.com/psirt/FG-IR-23-424
https://fortiguard.fortinet.com/psirt/FG-IR-23-390
https://fortiguard.fortinet.com/psirt/FG-IR-24-007
Reference
https://www.cyber.gc.ca/en/alerts-advisories/fortinet-security-advisory-av24-138
https://www.fortiguard.com/psirt
https://www.fortiguard.com/psirt
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.
Connect with us
-
The decision we make today on cyber security will determine the security of the society in which we live tomorrow.
Total Users : 203725
© Sri Lanka CERT|CC 2024. All rights Reserved.
Designed and Developed by Procons Infotech
Skip to content
Designed and Developed by Procons Infotech