
Fortinet has released a security advisory and patches addressing several critical and high-severity vulnerabilities in its popular security products. These vulnerabilities could expose organizations to remote code execution, unauthorized file deletion, OS command injection, and sensitive data leaks. Affected products include FortiClient (Linux and macOS), FortiSandbox, FortiOS, and FortiProxy.
FortiClient Linux Remote Code Execution
CVE-2023-45590 is a critical “code injection” flaw in FortiClient Linux that could allow an attacker who tricks a user into visiting a malicious website to execute arbitrary code on the vulnerable system.
FortiClientMac Configuration File Vulnerability
CVE-2023-45588 and CVE-2024-31492 are high-severity vulnerabilities in which an attacker with local access on a macOS system could manipulate FortiClientMac configuration files to execute malicious code during installation.
FortiSandbox Arbitrary File Deletion
CVE-2024-23671 is a high-severity vulnerability in which an authenticated attacker with read-only access on FortiSandbox could potentially delete arbitrary files on the system by sending specially crafted HTTP requests.
FortiSandbox OS Command Injection
CVE-2024-21755 and CVE-2024-21756 are high-severity vulnerabilities in which improper command handling by FortiSandbox could allow authenticated attackers with read-only permissions to execute unauthorized system-level commands.
FortiOS & FortiProxy Administrator Cookie Leakage
CVE-2023-41677 is a medium-severity vulnerability in which, under specific conditions, attackers could trick administrators into visiting a malicious site through the SSL-VPN and obtain admin cookies, potentially compromising the system.
Successful exploitation of these vulnerabilities could result in:
- Full system compromise on devices running FortiClient.
- Data exfiltration with further attack possibilities on the internal network.
- Disruption of security monitoring and analysis on FortiSandbox.

