March 13, 2024 at 06:33AM
Fortinet announced patches for critical vulnerabilities in its network security and management products. The flaws, including CVE-2023-42789 and CVE-2023-48788, could lead to code execution and were resolved in various product versions. Additionally, high-severity and medium-severity bugs were also patched. Users are urged to apply the patches promptly to avoid potential exploitation.
Based on the meeting notes, the following key takeaways can be summarized:
– Fortinet has announced patches for multiple vulnerabilities in its network security and management products, including critical-severity flaws that could lead to code execution.
– CVE-2023-42789 and CVE-2023-42790 are critical bugs impacting FortiOS and FortiProxy, allowing attackers to execute code or commands via crafted HTTP requests. These issues have been addressed with the release of specific FortiOS and FortiProxy versions.
– Another critical-severity flaw, CVE-2023-48788, is an SQL injection issue in FortiClientEMS that allows unauthenticated attackers to execute code or commands via crafted requests. This issue has been resolved with the release of specific FortiClientEMS versions.
– Fortinet has assessed both CVE-2023-42789 and CVE-2023-48788 as having a CVSS score of 9.3, while NIST NVD lists both with a CVSS score of 9.8.
– Additionally, patches for several high-severity and medium-severity bugs in Fortinet products have been announced, and users and administrators are advised to apply the available patches as soon as possible to prevent exploitation.