
Fortinet patches FortiClientLinux critical RCE vulnerability


A Fortinet FortiClientLinux critical vulnerability could allow remote code execution (RCE) by an unauthenticated attacker, Fortinet disclosed Tuesday.

The flaw, tracked as CVE-2023-45590, has a CVSS score of 9.4 and is due to a “dangerous nodejs configuration,” Fortinet said in its Product Security Incident Response Team (PSIRT) advisory.

An attacker could exploit this bug to achieve RCE when a victim user visits the attacker’s malicious website.

CVE-2023-45590 impacts versions 7.2.0, 7.0.6 through 7.0.10, and 7.0.3 through 7.0.4 of FortiClientLinux, Fortinet’s endpoint security client for Linux.

Users need to upgrade to FortiClientLinux version 7.2.1 or later, or 7.0.11 or later, to remediate the flaw.

"Fortinet PSIRT policy diligently balances our commitment to the security of our customers and our culture of researcher collaboration and transparency. We have proactively communicated to customers via Fortinet's PSIRT Advisory process, advising them to follow the guidance provided," Fortinet told SC Media in a statement.

Fortinet credited security researcher CataLpa of Dbappsecurity Co. Ltd. with discovering the critical vulnerability.

Fortinet patches high-severity vulnerabilities in FortiOS, FortiProxy and FortiClientMac

Fortinet published two additional advisories Tuesday addressing high-severity vulnerabilities in three of its other products: FortiOS, FortiProxy and FortiClientMac.

One, tracked as CVE-2023-41677, has a CVSS score of 7.5 and is due to insufficient protection of credentials in FortiOS and FortiProxy.

This bug could enable an attacker to obtain an administrator cookie “in rare and specific conditions,” Fortinet stated, and requires the administrator to be social engineered into visiting a malicious website through the SSL-VPN. A full list of product versions affected by CVE-2023-41677 can be found in Fortinet’s PSIRT advisory.

The other flaws, tracked as CVE-2023-45588 and CVE-2024-31492, have a CVSS score of 7.8 and impact FortiClientMac versions 7.2.0 through 7.2.3 and 7.0.6 through 7.0.10. These vulnerabilities exist in the FortiClientMac installer and could allow a local attacker to execute arbitrary code by writing a malicious configuration file in the temporary directory prior to installation.
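The affected and fixed ranges above are easy to misread when the installed build carries a fourth build-number component (7.0.10.xxxx) or when a branch such as 7.0.5 is simply absent from the affected list. The following is an added example, not Fortinet tooling, that encodes the ranges exactly as this article lists them for CVE-2023-45590 (FortiClientLinux) and CVE-2023-45588 / CVE-2024-31492 (FortiClientMac) and tells you whether a given version string is affected and, where the article states it, which release to move to. The version string is assumed to come from your package manager or asset inventory; how you collect it, and the package name, are not specified by the page.

```python
"""Check an installed FortiClient version against the affected ranges
this article reports for Fortinet's April 2024 FortiClient advisories.

Added example, not Fortinet's code. Ranges are transcribed from the
article; the FortiClientMac fixed releases are not listed there, so none
are encoded and no upgrade target is reported for that product.
"""
import re
from dataclasses import dataclass
from typing import Optional

Version = tuple[int, int, int]


@dataclass(frozen=True)
class Advisory:
    cves: tuple[str, ...]
    affected: tuple[tuple[Version, Version], ...]  # inclusive [low, high] ranges
    fixed: tuple[Version, ...]                     # first fixed release per branch, if stated


ADVISORIES: dict[str, Advisory] = {
    "FortiClientLinux": Advisory(
        cves=("CVE-2023-45590",),
        affected=(((7, 2, 0), (7, 2, 0)), ((7, 0, 6), (7, 0, 10)), ((7, 0, 3), (7, 0, 4))),
        fixed=((7, 2, 1), (7, 0, 11)),
    ),
    "FortiClientMac": Advisory(
        cves=("CVE-2023-45588", "CVE-2024-31492"),
        affected=(((7, 2, 0), (7, 2, 3)), ((7, 0, 6), (7, 0, 10))),
        fixed=(),  # not stated in the article
    ),
}


def parse_version(text: str) -> Version:
    """Parse 'v7.0.10', '7.0.10.0306' or '7.2.0-1' down to (major, minor, patch).

    Build suffixes after the third component are ignored because Fortinet's
    advisory ranges are expressed at major.minor.patch granularity.
    """
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)(?:[.+~-].*)?\s*", text)
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def fmt(v: Version) -> str:
    return ".".join(str(x) for x in v)


def is_affected(adv: Advisory, v: Version) -> bool:
    # Tuple comparison is lexicographic, so (7, 0, 6) <= (7, 0, 10) behaves as
    # expected; string comparison would wrongly sort "7.0.10" before "7.0.6".
    return any(lo <= v <= hi for lo, hi in adv.affected)


def upgrade_target(adv: Advisory, v: Version) -> Optional[Version]:
    """Lowest fixed release on the same major.minor branch, if the advisory names one."""
    same_branch = [f for f in adv.fixed if f[:2] == v[:2]]
    return min(same_branch) if same_branch else None


def assess(product: str, version_text: str) -> dict:
    adv = ADVISORIES[product]
    v = parse_version(version_text)
    affected = is_affected(adv, v)
    target = upgrade_target(adv, v) if affected else None
    return {
        "product": product,
        "version": fmt(v),
        "cves": adv.cves,
        "affected": affected,
        "upgrade_to": fmt(target) if target else None,
    }


if __name__ == "__main__":
    # Constructed sample inventory rows, not real hosts.
    inventory = [
        ("FortiClientLinux", "7.0.10.0306"),
        ("FortiClientLinux", "7.0.5"),
        ("FortiClientLinux", "7.2.1"),
        ("FortiClientMac", "7.2.3"),
    ]
    for product, ver in inventory:
        print(assess(product, ver))
```

Note that 7.0.5 is reported as not affected only because the article's list skips it; treat gaps like that as a prompt to read the PSIRT advisory rather than as proof of safety.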

“A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an alert about the Fortinet vulnerabilities patched Tuesday.  

Fortinet vulnerabilities are a common target for cyberattackers; 13 vulnerabilities in Fortinet products are currently included in CISA’s Known Exploited Vulnerabilities (KEV) catalog, including two added in 2024.

Most recently, an SQL injection flaw in Fortinet FortiClient EMS, tracked as CVE-2023-48788 with a CVSS score of 9.8, came under active exploitation in the wild. eSentire researchers observed an increase in exploitation beginning on March 24, in campaigns that included deployment of reverse webshells, the ScreenConnect remote monitoring and management (RMM) tool, and other persistence mechanisms.

The eSentire Threat Intelligence team added that there was a high probability that ransomware could be deployed in attacks exploiting CVE-2023-48788. A patch for the flaw has been available since March 12.  
