- 340/2024
- Critical
Fortinet has released security updates to fix multiple vulnerabilities across several Fortinet products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information or execute arbitrary command/code and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. FortiWLM Remote Command/Code Execution Vulnerability (CVE-2023- 34990):
- CVSS: 9.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. FortiManager Remote Command/Code Execution Vulnerability (CVE-2024- 48889):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
The affected products:
- FortiClient Linux and Windows.
- FortiManager.
- FortiWLM.
Vulnerabilities
- CVE-2023-34990
- CVE-2024-48889
- CVE-2024-50570
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.