Severity
High
Analysis Summary
CVE-2023-26207 CVSS:3.3
Fortinet FortiOS and FortiProxy could allow a local authenticated attacker to obtain sensitive information, caused by an insertion of sensitive information into log file vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to read certain passwords in plain text.
CVE-2023-29181 CVSS:8.8
Fortinet FortiOS could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an use of externally-controlled format string vulnerability in the Fclicense daemon. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-29180 CVSS:7.5
Fortinet FortiOS is vulnerable to a denial of service, caused by a NULL pointer dereference in sslvnd. By sending specially crafted HTTP requests, a remote attacker could exploit this vulnerability to crash the SSL-VPN daemon.
CVE-2023-29179 CVSS:6.5
Fortinet FortiOS is vulnerable to a denial of service, caused by a NULL pointer dereference in sslvpnd proxy endpoint. By sending specially crafted HTTP requests, a remote authenticated attacker could exploit this vulnerability to crash the SSL-VPN daemon.
CVE-2022-42474 CVSS:6.5
Fortinet FortiOS, FortiProxy and FortiSwitchManager could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially crafted request to delete arbitrary directories from the filesystem.
Impact
- Information Disclosure
- Code Execution
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-26207
- CVE-2023-29181
- CVE-2023-29180
- CVE-2023-29179
- CVE-2022-42474
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiProxy 7.0.0
- Fortinet FortiOS 7.2.0
- Fortinet FortiProxy 7.2.0
- Fortinet FortiProxy 7.2.1
- Fortinet FortiOS 6.4.9
- Fortinet FortiOS 6.2
- Fortinet FortiOS 6.0
Remediation
Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.