Fortinet warns its customers about critical flaws in FortiOS and FortiProxy. Adversaries with access to the captive portal can execute arbitrary code via the flaws. The Dutch Digital Trust Center warns that the risk of abuse is high.
Fortinet has found two critical flaws in FortiOS and FortiProxy. The company tracks both flaws together under advisory FG-IR-23-328. CVE-2023-42789 is an out-of-bounds flaw that allows attackers to execute unauthorized code or commands via specially crafted HTTP requests. CVE-2023-42790 is a stack-based buffer overflow that allows the same thing.
The flaws are classified as serious: they receive a score of 9.3 on a scale of 10, which makes them critical. The Digital Trust Center rates the vulnerabilities as High/High, which means that both the chance of misuse and the chance of damage are high.
The DTC also warns about two other flaws, which are assessed as less serious. CVE-2024-23112 allows authenticated attackers to bypass a security measure. This bug also applies to FortiOS and FortiProxy and is given a score of 7.2. CVE-2023-46717 only applies to FortiOS when configured with FortiAuthenticator in High Availability and is the least severe of the four with a score of 6.7. This flaw allows an authenticated attacker with read permissions to also gain write permissions.
According to Fortinet, several versions of FortiOS and FortiProxy are vulnerable. All vulnerabilities have now been closed with a patch, and the DTC and Fortinet recommend installing it as soon as possible. If that is not possible, Fortinet advises taking mitigating measures. The vulnerabilities have already been fixed in FortiSASE 23.3.b; anyone who uses this does not have to take any action.
Affected version: Solution
FortiOS 7.4.0 to 7.4.1: Upgrade to FortiOS 7.4.2 or later
FortiOS 7.2.0 to 7.2.5: Upgrade to FortiOS 7.2.6 or later
FortiOS 7.0.0 to 7.0.12: Upgrade to FortiOS 7.0.13 or later
FortiOS 6.4.0 to 6.4.14: Upgrade to FortiOS 6.4.15 or later
FortiOS 6.2.0 to 6.2.15: Upgrade to FortiOS 6.2.16 or later
FortiProxy 7.4.0: Upgrade to FortiProxy 7.4.1 or later
FortiProxy 7.2.0 to 7.2.6: Upgrade to FortiProxy 7.2.7 or later
FortiProxy 7.0.0 to 7.0.12: Upgrade to FortiProxy 7.0.13 or later
FortiProxy 2.0.0 to 2.0.13: Upgrade to FortiProxy 2.0.13 or later
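To turn the version list above into an inventory check, here is an added example (not from Fortinet or the DTC) that parses version strings, matches them against the affected ranges exactly as printed on this page, and reports which devices still need the upgrade; the device inventory is a constructed sample.

```python
import re

# Affected ranges and fixed versions from advisory FG-IR-23-328, as listed on
# this page: (product, first affected, last affected, fixed version).
# The final FortiProxy row is reproduced as printed.
AFFECTED = [
    ("FortiOS", "7.4.0", "7.4.1", "7.4.2"),
    ("FortiOS", "7.2.0", "7.2.5", "7.2.6"),
    ("FortiOS", "7.0.0", "7.0.12", "7.0.13"),
    ("FortiOS", "6.4.0", "6.4.14", "6.4.15"),
    ("FortiOS", "6.2.0", "6.2.15", "6.2.16"),
    ("FortiProxy", "7.4.0", "7.4.0", "7.4.1"),
    ("FortiProxy", "7.2.0", "7.2.6", "7.2.7"),
    ("FortiProxy", "7.0.0", "7.0.12", "7.0.13"),
    ("FortiProxy", "2.0.0", "2.0.13", "2.0.13"),
]

def parse_version(text):
    """Turn '7.2.5' or 'v7.2.5' into a tuple of ints so ranges compare numerically."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def check_version(product, version):
    """Return the fixed version if (product, version) lies in an affected
    range, or None if the version is not listed as affected."""
    v = parse_version(version)
    for prod, first, last, fixed in AFFECTED:
        if prod == product and parse_version(first) <= v <= parse_version(last):
            return fixed
    return None

# Constructed sample inventory (hostname, product, version); not real devices.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.2.5"),
    ("fw-edge-02", "FortiOS", "7.2.6"),
    ("proxy-01", "FortiProxy", "v7.4.0"),
    ("fw-lab", "FortiOS", "7.4.3"),
]

def affected_devices(inventory):
    """Return [(hostname, running version, fixed version)] for devices still unpatched."""
    out = []
    for host, product, version in inventory:
        fixed = check_version(product, version)
        if fixed:
            out.append((host, version, fixed))
    return out

if __name__ == "__main__":
    for host, version, fixed in affected_devices(INVENTORY):
        print(f"{host}: running {version}, upgrade to {fixed} or later")
```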
2024-03-14 08:21:11