- 255/2023
- Critical
Fortinet has released security updates to address vulnerabilities affecting multiple products.
The addressed vulnerabilities could allow the attacker to cause a denial of service, gain elevated privileges, disclose information, execute arbitrary commands, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. FortiSIEM – Remote Unauthenticated OS Command Injection Vulnerability (CVE-2023-34992):
- CVSS: 9.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. FortiMail – Email Account Takeover in Same Web Domain Vulnerability (CVE- 2023-36556):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privilege
Sample of the affected products:
- FortiProxy.
- FortiOS.
- FortiSIEM.
- FortiManager.
- FortiClient.
- FortiWLM.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.