The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding the release of security updates by Fortinet for several of its products. The updates address a range of vulnerabilities, including critical ones, that could potentially allow cyber threat actors to exploit affected systems for unauthorized code execution, access control bypass, and other malicious activities.
Key Vulnerabilities and Updates:
- FortiClientEMS SQL Injection (CVE-2023-48788):
- Description: A critical SQL injection vulnerability in FortiClient Enterprise Management Server (EMS) versions 7.0.1 through 7.0.10 and 7.2.0 through 7.2.2. This flaw allows unauthenticated attackers to execute unauthorized code with SYSTEM privileges on affected servers.
- Impact: Remote code execution as SYSTEM on the server.
- Mitigation: Upgrade to FortiClientEMS versions 7.0.11 or 7.2.3 or above.
- FortiOS and FortiProxy Out-of-Bounds Write (CVE-2023-42789):
- Description: A critical out-of-bounds write vulnerability in the captive portal of FortiOS and FortiProxy. This vulnerability allows an unauthenticated attacker with access to the captive portal to execute arbitrary code or commands via specially crafted HTTP requests.
- Impact: Remote code execution and unauthorized command execution.
- Mitigation: Upgrade to the specified patched versions of FortiOS and FortiProxy.
- FortiOS and FortiProxy Authorization Bypass (CVE-2023-42790):
- Description: An authorization bypass vulnerability in the SSLVPN bookmarks of FortiOS and FortiProxy. This flaw could allow attackers to bypass authentication mechanisms.
- Impact: Unauthorized access to protected resources.
- Mitigation: Upgrade to the latest versions of FortiOS and FortiProxy that address this vulnerability.
- FortiWLM MEA for FortiManager Improper Access Control (CVE-2023-36554):
- Description: An improper access control issue in the backup and restore features of FortiWLM MEA for FortiManager. This vulnerability could allow attackers to execute arbitrary commands or code on vulnerable systems.
- Impact: Execution of arbitrary commands or code.
- Mitigation: Apply security updates provided by Fortinet.
- CSV Injection in FortiClient EMS (CVE-2023-47534):
- Description: A CSV injection vulnerability in the log download feature of FortiClientEMS. This flaw could be exploited to execute arbitrary commands.
- Impact: Execution of arbitrary commands via CSV injection.
- Mitigation: Update to a version of FortiClientEMS that addresses this vulnerability.
CISA’s Recommendations:
- Prompt Updates: CISA urges users and administrators of affected Fortinet products to review the advisories and apply the necessary security updates promptly.
- Vigilance: Organizations should remain vigilant for signs of exploitation, particularly for critical vulnerabilities like CVE-2023-48788 and CVE-2023-42789.
- Security Best Practices: Regularly review and implement security best practices to protect against potential attacks exploiting these vulnerabilities.
In conclusion, Fortinet has released critical security updates to address multiple vulnerabilities in its products, including FortiClientEMS, FortiOS, FortiProxy, and FortiWLM MEA for FortiManager. These vulnerabilities, if left unpatched, could allow cyber threat actors to exploit affected systems for unauthorized code execution, access control bypass, and other malicious activities. CISA strongly encourages users and administrators to review the advisories and apply the necessary updates promptly to mitigate the risks associated with these vulnerabilities. Organizations should also remain vigilant for signs of exploitation and regularly review and implement security best practices to protect their networks and systems from potential attacks.
