Rewterz Threat Advisory – Multiple Fortinet FortiOS and FortiProxy Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-26207 CVSS:3.3

Fortinet FortiOS and FortiProxy could allow a local authenticated attacker to obtain sensitive information, caused by an insertion of sensitive information into log file vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to read certain passwords in plain text.

CVE-2022-43953 CVSS:6.7

Fortinet FortiOS and FortiProxy could allow a local authenticated attacker to execute arbitrary code on the system, caused by a format string flaw in the command line interpreter. By sending specially crafted command arguments, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-29179 CVSS:6.5

Fortinet FortiOS is vulnerable to a denial of service, caused by a NULL pointer dereference in sslvpnd proxy endpoint. By sending specially crafted HTTP requests, a remote authenticated attacker could exploit this vulnerability to crash the SSL-VPN daemon.

CVE-2023-29181 CVSS:8.8

Fortinet FortiOS could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an use of externally-controlled format string vulnerability in the Fclicense daemon. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-29180 CVSS:7.5

Fortinet FortiOS is vulnerable to a denial of service, caused by a NULL pointer dereference in sslvnd. By sending specially crafted HTTP requests, a remote attacker could exploit this vulnerability to crash the SSL-VPN daemon.

CVE-2022-41330 CVSS:8.8

Fortinet FortiOS and FortiProxy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2022-42469 CVSS:4.3

Fortinet FortiOS could allow a remote authenticated attacker to bypass security restrictions, caused by a permissive list of allowed inputs vulnerability in FortiGate Policy-based NGFW Mode. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the policy.

CVE-2022-43947 CVSS:6.0

Fortinet FortiOS and FortiProxy is vulnerable to a brute force attack, caused by improper restriction of excessive authentication attempts. By using brute force techniques, a remote authenticated attacker could exploit this vulnerability to takeover other user accounts.

Impact

• Information Theft
• Gain Access
• Code Execution
• Denial of Service
• Cross-Site Scripting
• Security Bypass

Indicators Of Compromise

CVE

• CVE-2023-26207
• CVE-2022-43953
• CVE-2023-29179
• CVE-2023-29181
• CVE-2023-29180
• CVE-2022-41330
• CVE-2022-42469
• CVE-2022-43947

Affected Vendors

Fortinet

Affected Products

• Fortinet FortiOS 6.0
• Fortinet FortiOS 6.2
• Fortinet FortiOS 6.0.16
• Fortinet FortiOS 6.2.14
• Fortinet FortiOS 6.4
• Fortinet FortiOS 6.4.0
• Fortinet FortiOS 6.4.11
• Fortinet FortiOS 6.4.12
• Fortinet FortiOS 7.0.0
• Fortinet FortiOS 7.0.9
• Fortinet FortiOS 7.0.11
• Fortinet FortiOS 7.2.0
• Fortinet FortiOS 7.2.3
• Fortinet FortiOS 7.2.4
• Fortinet FortiProxy 1.0
• Fortinet FortiProxy 1.1
• Fortinet FortiProxy 1.2
• Fortinet FortiProxy 2.0.0
• Fortinet FortiProxy 2.0.11
• Fortinet FortiProxy 7.0.0
• Fortinet FortiProxy 7.0.7
• Fortinet FortiProxy 7.0.8
• Fortinet FortiProxy 7.2.0
• Fortinet FortiProxy 7.2.1
• Fortinet FortiProxy 7.2.2

Remediation

Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.

FortiGuard Advisory