- 179/2024
- High
Fortinet has released security updates to fix several vulnerabilities across multiple Fortinet products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, conduct cross-site scripting attacks, execute arbitrary code, and gain access to the affected products by sending specially crafted HTTP requests.
Sample of the addressed vulnerability:
1. Fortinet FortiOS Buffer Overflow Vulnerability (CVE-2024-23110):
- CVSS: 7.4
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. FortiOS/FortiProxy – Cross-Site Scripting Vulnerability in Reboot Page (CVE-2024-23111):
- CVSS: 6.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Consequences: Cross-Site Scripting
Sample of the affected products:
- FortiPortal.
- FortiOS.
- FortiPAM.
- FortiProxy.
- FortiSwitchManager.
- FortiSOAR.
- FortiClientMac/Linux/Windows.
Vulnerabilities
- CVE-2024-31495
- CVE-2024-26010
- CVE-2024-23111
- CVE-2023-23775
- CVE-2024-23110
- CVE-2023-46720
- CVE-2024-3661
- CVE-2024-21754
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.