- 101/2023
- High
Fortinet has released security updates to fix several vulnerabilities across multiple products.
The addressed vulnerabilities could allow the attacker to gain access, execute code, disclose information, or trigger cross-site scripting attacks on the affected products.
Sample of the addressed vulnerabilities:
1. FortiADC – Command Injection Vulnerability in External Resource Module (CVE-2023-27999):
- CVSS: 7.6
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. FortiOS & FortiProxy – Out-of-bound-write in sslvpnd (CVE-2023-22640):
- CVSS: 7.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
Affected Products:
- FortiNAC.
- FortiADC.
- FortiOS.
- FortiProxy.
Vulnerabilities
- CVE-2023-27999
- CVE-2023-27993
- CVE-2022-45858
- CVE-2023-22637
- CVE-2022-45860
- CVE-2022-45859
- CVE-2023-26203
- CVE-2022-43950
- CVE-2023-22640
Mitigations
The enterprise should deploy the patch as soon as the testing phase is completed.