NEWS

Fortinet has recently addressed critical security vulnerabilities affecting various products in its lineup, urging users to update their systems promptly.

Among these vulnerabilities, a significant flaw impacting FortiClientLinux (CVE-2023-45590) stands out, posing a severe risk of arbitrary code execution. This vulnerability, with a CVSS score of 9.4 out of 10, stems from an improper control of code generation, potentially exploited by tricking users into visiting malicious websites.

The affected versions of FortiClientLinux include 7.0.3 through 7.0.4, and 7.0.6 through 7.0.10, as well as version 7.2.0. Fortinet recommends upgrading to versions 7.0.11 or higher for 7.0.x series and version 7.2.1 or above for 7.2.0 to mitigate the risk. The discovery of this vulnerability is credited to security researcher CataLpa from Dbappsecurity.

Additionally, Fortinet has released patches addressing other vulnerabilities in its products. Notably, a flaw in the FortiClientMac installer (CVE-2023-45588 and CVE-2024-31492) has been identified, with CVSS scores of 7.8, potentially leading to code execution. Furthermore, a bug affecting FortiOS and FortiProxy (CVE-2023-41677) has been resolved, which could expose administrator cookies under certain circumstances, carrying a CVSS score of 7.5.

While there are no known instances of these vulnerabilities being exploited in the wild, Fortinet strongly advises users to keep their systems updated to minimize potential risks. This proactive approach helps mitigate the threat landscape and ensures the security and integrity of systems and data.