Severity
Medium
Analysis Summary
CVE-2022-27488 CVSS:8.3
Fortinet FortiVoiceEnterprise, Fortinet FortiNDR, Fortinet FortiSwitch, Fortinet FortiMail, and Fortinet FortiRecorder are vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to execute commands on the command-line interpreter. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2023-36639 CVSS:7.2
Fortinet FortiOS and Fortinet FortiProxy could allow a remote authenticated attacker to execute arbitrary code on the system, caused by use of externally-controlled format strings. By sending a specially crafted API request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-41844 CVSS:3.5
Fortinet FortiSandbox is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the capture traffic endpoint. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-41678 CVSS:8.8
Fortinet FortiOS and Fortinet FortiPAM could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a double-free. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-47536 CVSS:3.1
Fortinet FortiOS and Fortinet FortiProxy could allow a remote attacker to bypass security restrictions, caused by an authentication bypass by improper access control. An attacker could exploit this vulnerability to bypass the firewall deny geolocalization policy during aGeoIP database update.
CVE-2023-41673 CVSS:7.1
Fortinet FortiADC could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization. By sending a specially crafted HTTP or HTTPS request, an attacker could exploit this vulnerability to read or backup the full system configuration.
CVE-2023-45587 CVSS:3.5
Fortinet FortiSandbox is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Impact
- Gain Access
- Code Execution
- Cross-Site Scripting
- Security Bypass
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-27488
- CVE-2023-36639
- CVE-2023-41844
- CVE-2023-41678
- CVE-2023-47536
- CVE-2023-41673
- CVE-2023-45587
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiSwitch 6.2.6
- Fortinet FortiOS 6.0.0
- Fortinet FortiOS 7.2.0
- Fortinet FortiOS 6.4.9
- Fortinet FortiOS 7.0.0
- Fortinet FortiProxy 7.0.0
- Fortinet FortiADC 7.0.2
- Fortinet FortiADC 7.0.0
- Fortinet FortiADC 6.2.4
- Fortinet FortiOS 6.4.0
- Fortinet FortiOS 6.2.0
- Fortinet FortiProxy 2.0.0
- Fortinet FortiProxy 7.0.6
- Fortinet FortiOS 7.0.7
- Fortinet FortiProxy 2.0.10
- Fortinet FortiSandbox 3.2.0
- Fortinet FortiSandbox 4.0.0
- Fortinet FortiRecorder 6.0.10
- Fortinet FortiRecorder 6.4.2
- Fortinet FortiADC 7.1.0
- Fortinet FortiSwitch 6.2.2
- Fortinet FortiSandbox 3.1.0
- Fortinet FortiSandbox 4.2.0
- Fortinet FortiSandbox 4.4.0
- Fortinet FortiSandbox 3.0.7
- Fortinet FortiSandbox 3.0.4
- Fortinet FortiSandbox 4.2.4
- Fortinet FortiMail 6.2.2
- Fortinet FortiSwitch 6.0.6
- Fortinet FortiMail 6.0.7
- Fortinet FortiNDR 7.1.0
- Fortinet FortiPAM 1.1.0
Remediation
Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.