Fortinet Rolls Out Crucial Safety Patches for FortiClientLinux Vulnerability

Apr 11, 2024NewsroomVulnerability / Risk Mitigation

Fortinet has launched patches to deal with a essential safety flaw impacting FortiClientLinux that could possibly be exploited to attain arbitrary code execution.

Tracked as CVE-2023-45590, the vulnerability carries a CVSS rating of 9.4 out of a most of 10.

“An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website,” Fortinet stated in an advisory.

Cybersecurity

The shortcoming, which has been described as a case of distant code execution attributable to a “dangerous nodejs configuration,” impacts the next variations –

  • FortiClientLinux variations 7.0.3 by means of 7.0.4 and seven.0.6 by means of 7.0.10 (Improve to 7.0.11 or above)
  • FortiClientLinux model 7.2.0 (Improve to 7.2.1 or above)

Safety researcher CataLpa from Dbappsecurity has been credited with discovering and reporting the vulnerability.

Fortinet’s safety patches for April 2024 additionally handle a problem with FortiClientMac installer that would additionally result in code execution (CVE-2023-45588 and CVE-2024-31492, CVSS scores: 7.8).

Additionally resolved is a FortiOS and FortiProxy bug that would leak administrator cookies in sure situations (CVE-2023-41677, CVSS rating: 7.5).

Whereas there is no such thing as a proof of any of the issues being exploited within the wild, it is really useful that customers hold their techniques up-to-date to mitigate potential threats.

Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we publish.

Recent articles

9 Worthwhile Product Launch Templates for Busy Leaders

Launching a product doesn’t should really feel like blindly...

How Runtime Insights Assist with Container Safety

Containers are a key constructing block for cloud workloads,...

Microsoft Energy Pages Misconfigurations Leak Tens of millions of Information Globally

SaaS Safety agency AppOmni has recognized misconfigurations in Microsoft...

LEAVE A REPLY

Please enter your comment!
Please enter your name here