Fortinet patches serious security holes in FortiOS and other products

Software and appliance manufacturer Fortinet is fixing security vulnerabilities in several of its products. Besides SQL injections, the flaws include ways for attackers to execute arbitrary commands on the Californian company's appliances. Fortinet is providing updates for all affected products and recommends that administrators install them.


FortiOS, the Californian company's firewall operating system, has several holes, including one for which Fortinet itself is not responsible: the recently publicized bugs in cURL also affect the firewall's KVM-based VM images. Exploiting them requires authentication, however. Fortinet does not assign a new CVE identifier in its security advisory but adopts the original ID, CVE-2023-38545. Its CVSSv3 score of 8.1/10 is slightly lower than the one given by the cURL project, and Fortinet's severity rating is "high". Versions 7.4.0 to 7.4.1, 7.2.0 to 7.2.6 and 7.0.1 to 7.0.13 of the FortiGate-FGT_VM64_KVM image files are vulnerable; updates with version numbers 7.4.2 and 7.2.7 are available for download.

Two further holes of medium severity affect FortiOS as well as FortiProxy. Owing to insufficient integrity checking, attackers who have already gained admin rights on a FortiOS or FortiProxy VM can boot a manipulated disk image (CVE-2023-28002, CVSSv3 5.8/10), and specially crafted HTTP requests can trigger a denial of service in the SSL VPN of the same products (CVE-2023-36641, CVSSv3 6.2/10). For both problems the same applies: anyone running FortiProxy in a version earlier than 7 should first upgrade to that major version, and FortiOS 6 users should likewise plan an update to version 7. The problems are then fixed in FortiOS 7.4.1, 7.2.6 and 7.0.13 as well as in FortiProxy 7.2.5 and 7.0.11.

FortiClient, Windows software that, in addition to malware protection and VPN, also enforces an endpoint's compliance with company policies, has two vulnerabilities: one lets attackers foist their own libraries on the software via DLL hijacking (CVE-2023-41840, severity "high", CVSSv3 7.4/10), the other lets them delete arbitrary files on the endpoint (CVE-2022-40681, severity "high", CVSSv3 7.9/10). Fortinet has fixed both problems and offers those affected a tool to determine the correct upgrade path for their FortiClient release.

In Fortinet's own FortiSIEM (Security Information and Event Management), a member of the company's security team discovered a vulnerability that allows arbitrary commands to be executed. An external security researcher had already reported a similar problem in the FortiSIEM web interface in October; the new variant concerns API requests. Fortinet rates the bug (CVE-2023-36553) as critical (CVSSv3 9.3/10) and recommends that administrators update. All versions between 4.7 and 5.4 are affected; updating to the fixed releases from 6.4.3 onward provides a remedy.

In FortiWLM, a hardware or VM appliance for managing WLANs, Fortinet has fixed two bugs that security researcher Zach Hanley reported to the manufacturer. A SQL injection vulnerability classified as critical (CVE-2023-34991, CVSSv3 9.3/10) allows attackers to execute SQL queries against the database without prior login, and by manipulating a path in an HTTP parameter they can read arbitrary files on the FortiWLM system (CVE-2023-42783, CVSSv3 7.3/10, severity "high"). The updated versions 8.5.5 and 8.6.6 fix both problems.
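The arbitrary-file-read described above is a path traversal: a file name taken from an HTTP parameter is joined onto a document root without checking that the result stays inside it. The following is an added illustration of that bug class and its fix, written for this article; it is not FortiWLM's code, and the document root, parameter values and file names are constructed for the example.

```python
import posixpath
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Hypothetical document root; nothing here reflects FortiWLM's real layout.
WEBROOT = "/var/www/files"


def resolve_unsafe(webroot: str, user_path: str) -> str:
    """Vulnerable pattern: decode the parameter and join it onto the root.
    posixpath.join() discards the root when the user path is absolute, and
    normpath() collapses '..' segments that climb above the root, so the
    caller ends up opening whatever file the request named."""
    return posixpath.normpath(posixpath.join(webroot, unquote(user_path)))


def resolve_safe(webroot: str, user_path: str) -> Optional[str]:
    """Hardened: same decode and join, but the normalized result must stay
    inside the root. Returns the resolved path, or None if refused."""
    decoded = unquote(user_path)
    if "\x00" in decoded:  # a NUL byte can truncate the name in C-level file APIs
        return None
    root = posixpath.normpath(webroot)
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    # Containment check on the normalized string: either the root itself or a
    # path that begins with "<root>/". This rejects "../" escapes and absolute
    # paths alike. A real server should also resolve symlinks (os.path.realpath)
    # before making this comparison, which this offline example skips.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Constructed sample values for a hypothetical 'file=' parameter.
SAMPLE_REQUESTS = [
    "reports/2023-11.pdf",              # ordinary request, stays inside
    "reports/../index.html",            # '..' that does not leave the root
    "../../../etc/passwd",              # classic traversal
    "/etc/passwd",                      # absolute path replaces the root
    "%2e%2e/%2e%2e/%2e%2e/etc/shadow",  # URL-encoded traversal
]


def compare(webroot: str = WEBROOT) -> List[Tuple[str, str, Optional[str]]]:
    """Return (request, unsafe_result, safe_result) for every sample request."""
    return [(r, resolve_unsafe(webroot, r), resolve_safe(webroot, r)) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for req, unsafe, safe in compare():
        print(f"{req!r:38} unsafe -> {unsafe:32} safe -> {safe}")
```

The unsafe resolver hands back `/etc/passwd` for the traversal and absolute-path requests; the hardened one refuses them and still serves `reports/../index.html`, which never leaves the root.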

The automation features of FortiADC contain a little more automation than intended: using a specially crafted automation script, attackers with low privileges can escalate them and execute commands with super_admin rights. Fortinet rates the risk of this bug as "high" and assigns it 7.9 out of 10 CVSSv3 points and the CVE ID CVE-2023-26205.

The command line tools for FortiADC and FortiDDoS-F also contain a buffer overflow of medium severity (CVE-2023-29177, CVSSv3 6.2/10), and the API has an overly permissive cross-domain policy that facilitates privilege escalation and access to protected information by unauthenticated attackers (CVE-2023-25603, CVSSv3 5.4, "medium"). Here, too, the upgrade tool mentioned above helps in selecting the correct fixed version.
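A permissive cross-domain policy of the kind mentioned above typically means that an API echoes any requesting origin in its CORS headers while also allowing credentials, so that a page on an attacker's site can make a logged-in admin's browser call the API and read the answer. The following added example, written for this article and not taken from Fortinet's products, shows that weak policy, a common but still broken "fix" (suffix matching), and an allow-list policy, together with an approximation of the browser-side check. The origin names are constructed.

```python
from typing import Dict, Optional

# Constructed allow-list of origins permitted to call the API with credentials.
# Hypothetical names; not any vendor's configuration.
ALLOWED_ORIGINS = {"https://admin.example.internal", "https://ops.example.internal"}


def cors_headers_permissive(origin: Optional[str]) -> Dict[str, str]:
    """Weak policy: reflect whatever Origin the browser sent and allow
    credentials. Any site a logged-in user visits can then issue
    authenticated cross-origin requests to the API and read the responses."""
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_suffix_match(origin: Optional[str]) -> Dict[str, str]:
    """Still broken: a suffix test on the origin string. It admits
    'https://evil-example.internal' because that also ends in 'example.internal'."""
    if origin is None or not origin.endswith("example.internal"):
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers_strict(origin: Optional[str]) -> Dict[str, str]:
    """Corrected policy: only an exact, allow-listed origin gets a CORS grant.
    Everything else receives no Access-Control-* headers at all, so the browser
    blocks the cross-origin read. 'Vary: Origin' stops a shared cache from
    replaying one origin's grant to another."""
    if origin in ALLOWED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {}


def browser_can_read(response_headers: Dict[str, str], page_origin: str,
                     with_credentials: bool = True) -> bool:
    """Approximation of the browser's CORS response check. For a credentialed
    request the Allow-Origin value must equal the page's origin exactly ('*' is
    not accepted) and Allow-Credentials must be 'true'."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    if acao is None:
        return False
    if with_credentials:
        return acao == page_origin and response_headers.get("Access-Control-Allow-Credentials") == "true"
    return acao == "*" or acao == page_origin


if __name__ == "__main__":
    for origin in ("https://admin.example.internal", "https://attacker.example",
                   "https://evil-example.internal"):
        for name, policy in (("permissive", cors_headers_permissive),
                             ("suffix", cors_headers_suffix_match),
                             ("strict", cors_headers_strict)):
            print(f"{origin:32} {name:10} readable={browser_can_read(policy(origin), origin)}")
```

Only the allow-list policy denies both the unrelated attacker origin and the look-alike domain; the suffix check is the kind of hardening that passes a casual test and still leaves the API open.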


(cku)
