ADVISORY!
TLP : CLEAR
Date : 09/02/2024
REF NO : CERT / 2024/02/12
Fortinet Products Multiple Vulnerabilities
Severity Level: High
Components Affected
- FortiProxy 7.4 version 7.4.0 through 7.4.1
- FortiProxy 7.2 version 7.2.0 through 7.2.7
- FortiProxy 7.0 all versions
- FortiOS 7.4 version 7.4.0 through 7.4.2
- FortiOS 7.2 version 7.2.0 through 7.2.6
- FortiOS 7.0 all versions
- FortiOS 6.4 version 6.4.0 through 6.4.14
- FortiOS 6.2 version 6.2.0 through 6.2.15
- FortiOS 6.0 all versions
- FortiNAC 9.4 version 9.4.0 through 9.4.3
- FortiNAC 9.2 all versions
- FortiNAC 9.1 all versions
- FortiNAC 8.8 all versions
- FortiNAC 8.7 all versions
- FortiNAC 8.6 all versions
- FortiNAC 8.5 all versions
- FortiNAC 8.3 all versions
- FortiNAC 7.2 version 7.2.0 through 7.2.2
- FortiClientEMS 7.2 version 7.2.0 through 7.2.2
- FortiClientEMS 7.0 version 7.0.6 through 7.0.10
- FortiClientEMS 7.0 version 7.0.0 through 7.0.4
- FortiClientEMS 6.4 all versions
- FortiClientEMS 6.2 all versions
Overview
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure and cross-site scripting on the targeted system.
Description
The vulnerabilities in Fortinet products pose significant risks to system security. In FortiNAC, an improper neutralization of input vulnerability (CWE-79) enables a remote attacker to execute stored cross-site scripting attacks via name fields in policy audit logs. FortiClientEMS suffers from improper privilege management (CWE-269), allowing a site administrator with Super Admin privileges to conduct unauthorized global administrative operations across other sites through crafted HTTP/HTTPS requests. FortiOS is susceptible to an improper certificate validation flaw (CWE-295), potentially enabling attackers in Man-in-the-Middle positions to decipher and manipulate FortiLink communications between FortiOS and FortiSwitch devices. Furthermore, FortiOS contains an out-of-bounds write vulnerability (CWE-787), enabling remote, unauthenticated attackers to execute arbitrary code via specially crafted HTTP requests. Lastly, FortiOS’s fgfmd daemon is vulnerable to a use of externally-controlled format string flaw (CWE-134), which could allow remote attackers to execute arbitrary code or commands via specially crafted requests. These vulnerabilities collectively underscore the importance of promptly patching and securing Fortinet products to mitigate potential exploits and safeguard systems from unauthorized access and manipulation.
Impact
- Denial of Service
- Remote Code Execution
- Information Disclosure
- Cross-Site Scripting
Solution/ Workarounds
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Reference
- https://fortiguard.fortinet.com/psirt/FG-IR-23-063
- https://fortiguard.fortinet.com/psirt/FG-IR-23-301
- https://fortiguard.fortinet.com/psirt/FG-IR-23-357
- https://fortiguard.fortinet.com/psirt/FG-IR-23-397
- https://fortiguard.fortinet.com/psirt/FG-IR-24-015
- https://fortiguard.fortinet.com/psirt/FG-IR-24-029
Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre
- Hotline : 101
- +94 11 269 1692
- Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
- General inquiry: cert@cert.gov.lk
- Security incidents: incidents@cert.gov.lk
- Social media incidents: report@cert.gov.lk
