- 323/2023
- Critical
Fortinet has released security updates to fix multiple vulnerabilities across several products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, obtain sensitive information, or execute arbitrary code, and gain access to the affected products.
Sample of the addressed vulnerabilities:
1. FortiMail Remote Wildcard RADIUS Login Bypass (CVE-2023-47539):
- CVSS: 9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. FortiOS & FortiPAM HTTPSd Double Free Code Execution (CVE-2023-36639):
- CVSS: 8.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
Sample of the affected products:
- FortiOS.
- FortiPAM.
- FortiADC.
- FortiMail.
- FortiNDR.
- FortiSwitch.
- FortiVoice.
- FortiProxy.
Vulnerabilities
- CVE-2022-27488
- CVE-2023-36639
- CVE-2023-40716
- CVE-2023-41673
- CVE-2023-41678
- CVE-2023-41844
- CVE-2023-45587
- CVE-2023-46713
- CVE-2023-47536
- CVE-2023-47539
- CVE-2023-48782
- CVE-2023-48791
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.