Security Advisory

Fortinet Family (FortiMail, FortiPortal, and others) Security Update Recommendations

  • Mar 11 2024

Overview

 

An update has been made available to fix vulnerabilities in the Fortinet family of products. users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2022-40681

  • Fortinet FortiClient (Windows) from 7.0.0(include) to 7.0.7(include)
  • Fortinet FortiClient (Windows) from 6.4.0(include) to 6.4.8(include)
  • All versions of Fortinet FortiClient (Windows) 6.2.x
  • All versions of Fortinet FortiClient (Windows) 6.0.x

 

CVE-2023-47539

  • FortiMail versions 7.4.0 and later

 

CVE-2023-26205

  • Versions of FortiADC from 7.1.0(include) to 7.1.2(include)
  • Versions of FortiADC 7.0.x
  • Versions of FortiADC 6.2.x
  • Versions of FortiADC 6.1.x

 

CVE-2023-41840

  • Version of FortiClientWindows from 7.2.0(include) to 7.2.1
  • FortiClientWindows 7.0.9 version

 

CVE-2023-48791

  • FortiPortal 7.2.0 versions
  • FortiPortal from 7.0.0(include) to 7.0.6(include)

 

CVE-2023-44252

  • FortiWAN from 5.2.0(include) to 5.2.1(include)
  • FortiWAN from 5.1.1(include) to 5.1.2(include)

 

CVE-2023-36553

  • Version of FortiSIEM 5.4.x
  • Versions of FortiSIEM 5.3.x
  • Versions of FortiSIEM 5.2.x
  • Versions of FortiSIEM 5.1.x
  • Versions of FortiSIEM 5.0.x
  • Versions of FortiSIEM 4.10.x
  • Versions of FortiSIEM 4.9.x
  • Versions of FortiSIEM 4.7.x

 

CVE-2023-48782

  • Version of FortiWLM from 8.6.0 to 8.6.5(include)

 

Resolved Vulnerabilities

 

Arbitrary file deletion vulnerability due to malformed authentication in FortiClient (Windows) (CVE-2022-40681)

Administrator login bypass vulnerability due to improper access control vulnerability in FortiMail configured with RADIUS authentication and Remote_wildcard enabled (CVE-2023-47539)

Improper access control vulnerability in FortiADC automation features that could allow an authenticated, low privilege attacker to elevate privileges to super_admin via fabric automation CLI scripts (CVE-2023-26205)

Untrusted search path vulnerability in the FortiClient Windows OpenSSL component that allows an attacker to conduct a DLL hijacking attack via a malicious OpenSSL engine library in the search path (CVE-2023-41840)

Improper neutralization of special elements used in a command injection vulnerability in FortiPortal, which could allow remote authenticated attackers with minimal R/W privileges to execute unauthorized commands in certain system backups (CVE-2023-48791)

Improper authentication vulnerability in FortWAN that could allow an authenticated attacker to elevate their privileges via HTTP or HTTPs requests with a crafted JWT token value (CVE-2023-44252)

Improperly sanitizing a special element used in an OS command vulnerability in FortiSIEM Report Server could allow an unauthenticated remote attacker to execute unauthorized commands via crafted API requests (CVE-2023-36553)

Improper neutralization of a special element used in an OS command vulnerability in FortiWLM allows remote authenticated attackers with low privileges to execute unauthorized commands via specially crafted http get request parameters (CVE-2023-48782)

 

Vulnerability Patches

 

vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2022-40681

  • Fortinet FortiClient (Windows) 7.0.8 and later versions
  • Fortinet FortiClient (Windows) 6.4.9 and later versions 

 

CVE-2023-47539

  • FortiMail 7.4.1 and later versions

 

CVE-2023-26205

  • FortiADC 7.1.3 and versions

 

CVE-2023-41840

  • FortiClientWindows 7.2.2 and later versions
  • FortiClientWindows 7.0.10 and later versions

 

CVE-2023-48791

  • FortiPortal 7.2.1 and later versions 
  • FortiPortal 7.0.7 and later versions

 

CVE-2023-44252

  • FortiWAN product discontinued and replaced with appropriate FortiGate

 

CVE-2023-36553

  • FortiSIEM 7.1.0 and later versions
  • Versions of FortiSIEM 7.0.x that are at least 7.0.1
  • FortiSIEM 6.7.x with a version of at least 6.7.6
  • FortiSIEM 6.6.x with a version of 6.6.4 or later
  • FortiSIEM 6.5.x with a version of at least 6.5.2
  • FortiSIEM 6.4.x with a version of 6.4.3 or later

 

CVE-2023-48782

  • FortiWLM 8.6.6 or at least a later version

 

Referenced Sites

 

[1] FortiClient (Windows) – Arbitrary file deletion from unprivileged users
https://www.fortiguard.com/psirt/FG-IR-22-299
[2] FortiMail – Potential Remote_wildcard RADIUS login bypass in FotiMail 7.4.0
https://fortiguard.fortinet.com/psirt/FG-IR-23-439
[3] FortiADC – Privilege escalation vulnerability using the automation cli-script feature
https://www.fortiguard.com/psirt/FG-IR-22-292
[4] FortiClient (Windows) – DLL Hijacking via openssl.cnf
https://www.fortiguard.com/psirt/FG-IR-23-274
[5] FortiPortal – Schedule System Backup Page OS Command Injection
https://www.fortiguard.com/psirt/FG-IR-23-425
[6] FortiWAN – Guessable static JSON web token secret
https://www.fortiguard.com/psirt/FG-IR-23-061
[7] FortiSIEM – OS command injection in Report Server
https://www.fortiguard.com/psirt/FG-IR-23-135
[8] FortiWLM – authenticated command injection vulnerability
https://www.fortiguard.com/psirt/FG-IR-23-450

Tags:

Previous Post

Next Post