ADVISORY!
TLP : CLEAR
Date : 10/04/2024
REF NO : CERT / 2024/04/28
Fortinet Products Multiple Vulnerabilities
Severity Level: High
Components Affected
- FortiNAC-F version 7.2.0 through 7.2.4
- FortiClientLinux version 7.2
- FortiClientLinux version 7.0.3 through 7.0.4
- FortiClientLinux version 7.0.6 through 7.0.10
- FortiClientMac version 7.0.6 through 7.0.10
- FortiClientMac version 7.2.0 through 7.2.3
- FortiOS 6.0 all versions
- FortiOS 6.4 all versions
- FortiOS 7.0 all versions
- FortiOS version 6.2.0 through 6.2.15
- FortiOS version 7.2.0 through 7.2.7
- FortiOS version 7.4.0 through 7.4.1
- FortiProxy 1.0 all versions
- FortiProxy 1.1 all versions
- FortiProxy 1.2 all versions
- FortiProxy 2.0 all versions
- FortiProxy version 7.0.0 through 7.0.13
- FortiProxy version 7.2.0 through 7.2.7
- FortiProxy version 7.4.0 through 7.4.1
Overview
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure, elevation of privilege and security restriction bypass on the targeted system.
Description
A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack.
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or commands via specially crafted requests.
An exposure of sensitive information to an unauthorized actor in Fortinet FortiOS at least version at least 7.4.0 through 7.4.1 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.15 and 6.4.0 through 6.4.15 allows attacker to information disclosure via HTTP requests.
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
Impact
- Security Restriction Bypass
- Remote Code Execution
- Elevation of Privilege
- Information Disclosure
Solution/ Workarounds
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://fortiguard.fortinet.com/psirt/FG-IR-23-087
- https://fortiguard.fortinet.com/psirt/FG-IR-23-224
- https://fortiguard.fortinet.com/psirt/FG-IR-23-288
- https://fortiguard.fortinet.com/psirt/FG-IR-23-345
- https://fortiguard.fortinet.com/psirt/FG-IR-23-413
- https://fortiguard.fortinet.com/psirt/FG-IR-23-493
Reference
- https://fortiguard.fortinet.com/psirt/FG-IR-23-087
- https://fortiguard.fortinet.com/psirt/FG-IR-23-224
- https://fortiguard.fortinet.com/psirt/FG-IR-23-288
- https://fortiguard.fortinet.com/psirt/FG-IR-23-345
- https://fortiguard.fortinet.com/psirt/FG-IR-23-413
- https://fortiguard.fortinet.com/psirt/FG-IR-23-493
Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre
- Hotline : 101
- +94 11 269 1692
- Room 4-112, BMICH, Bauddhaloka Mawatha, Colombo 07, Sri Lanka.
- General inquiry: cert@cert.gov.lk
- Security incidents: incidents@cert.gov.lk
- Social media incidents: report@cert.gov.lk
