Fortinet FortiClientLinux Remote Code Execution Vulnerability (CVE-2023-45590)

Qualys Security Advisory

Fortinet FortiClientLinux is vulnerable to a critical severity flaw being tracked as CVE-2023-45590. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the affected systems. To exploit this improper code injection flaw, an attacker must trick a FortiClientLinux user into visiting a malicious website.

FortiClient is a web application firewall that provides remote web filtering, botnet protection, and application traffic control. It is available for installation on Linux operating systems such as Ubuntu, CentOS, and Red Hat. It provides protection, compliance, and secure access and communicates with the Fortinet Security Fabric to provide information, visibility, and control.

Affected Versions

  • FortiClientLinux 7.2.1 or above
  • FortiClientLinux 7.0.6 through 7.0.10
  • FortiClientLinux 7.0.3 through 7.0.4

Mitigation

Customers are advised to upgrade to the following versions to patch the vulnerability:

  • FortiClientLinux 7.2.1 or above
  • FortiClientLinux 7.0.11 or above
  • FortiClientLinux 7.0.11 or above

Please refer to the Fortinet PSIRT Advisory (FG-IR-23-087) for more information.

Qualys Detection

Qualys customers can scan their devices with QID 379606 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://fortiguard.fortinet.com/psirt/FG-IR-23-087

READ MORE

Leave a Reply

Your email address will not be published. Required fields are marked *