mickmick.net

Fortinet Products Multiple Vulnerabilities

Release Date: 13 Mar 2024

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, elevation of privilege and security restriction bypass on the targeted system.

---

Impact

• Security Restriction Bypass
• Remote Code Execution
• Elevation of Privilege

---

System / Technologies affected

• FortiClientEMS 6.0 all versions
• FortiClientEMS 6.2 all versions
• FortiClientEMS 6.4 all versions
• FortiClientEMS version 7.0.0 through 7.0.10
• FortiClientEMS version 7.2.0 through 7.2.2
• FortiOS version 6.2.0 through 6.2.15
• FortiOS version 6.4.0 through 6.4.14
• FortiOS version 7.0.0 through 7.0.12
• FortiOS version 7.0.1 through 7.0.13
• FortiOS version 7.2.0 through 7.2.6
• FortiOS version 7.4.0 through 7.4.1
• FortiProxy version 2.0.0 through 2.0.13
• FortiProxy version 7.0.0 through 7.0.14
• FortiProxy version 7.2.0 through 7.2.8
• FortiProxy version 7.4.0 through 7.4.2

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://fortiguard.fortinet.com/psirt/FG-IR-23-328
• https://fortiguard.fortinet.com/psirt/FG-IR-24-013
• https://fortiguard.fortinet.com/psirt/FG-IR-23-424
• https://fortiguard.fortinet.com/psirt/FG-IR-23-390
• https://fortiguard.fortinet.com/psirt/FG-IR-24-007

---

Vulnerability Identifier

• CVE-2023-42789
• CVE-2023-42790
• CVE-2023-46717
• CVE-2023-47534
• CVE-2023-48788
• CVE-2024-23112

---

Source

• Fortinet

---

Related Link

• https://fortiguard.fortinet.com/psirt/FG-IR-23-328
• https://fortiguard.fortinet.com/psirt/FG-IR-24-013
• https://fortiguard.fortinet.com/psirt/FG-IR-23-424
• https://fortiguard.fortinet.com/psirt/FG-IR-23-390
• https://fortiguard.fortinet.com/psirt/FG-IR-24-007