- 132/2023
- High
Fortinet has released security updates to fix several vulnerabilities in multiple Fortinet products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, cause a denial of service attack, obtain sensitive information, execute arbitrary code, and gain access to the affected products by sending specially crafted requests.
Sample of the addressed vulnerabilities:
1. Fortinet FortiOS Code Execution Vulnerability (CVE-2023-29181):
- CVSS: 8.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
2. Fortinet FortiOS Denial of Service Vulnerability (CVE-2023-29180):
- CVSS: 7.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Sample of the affected products:
- FortiOS version 7.2.0 through 7.2.4.
- FortiOS version 6.4.0 through 6.4.12.
- FortiProxy version 2.0.0 through 2.0.12.
- FortiSIEM 6.6 all versions.
- FortiNAC version 9.4.0 through 9.4.2.
Vulnerabilities
Mitigations
The enterprise should deploy the patch as soon as the testing phase is completed.