December 24, 2024
Severity
High
Analysis Summary
CVE-2023-34990 (CVSS 9.8)
A relative path traversal in Fortinet FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests.
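The defect class behind CVE-2023-34990 is a server building a filesystem path from client input without confining the result to an intended directory. The check below is an added example written for this page (it is not FortiWLM code and does not model the FortiWLM bug itself); it takes a client-supplied relative path, decodes it once, normalises it lexically, and refuses anything whose normalised form leaves the base directory. The base directory and the sample requests are constructed for the example.

```python
import posixpath
from typing import Dict, Iterable, Optional
from urllib.parse import unquote

# Constructed base directory for the example. The check is purely lexical,
# so no files need to exist and the result is the same on any host.
BASE_DIR = "/srv/app/static"


def resolve_under_base(base_dir: str, requested: str) -> Optional[str]:
    """Map a client-supplied relative path onto base_dir.

    Returns the confined absolute path, or None when the request must be
    rejected. Steps: decode once, normalise separators, reject absolute
    paths and NUL bytes, collapse '.' and '..' lexically, then require the
    result to still sit at or below base_dir.
    """
    # One round of percent-decoding only: decoding repeatedly would turn
    # "%252e%252e" into "..", which is a classic double-decode mistake.
    decoded = unquote(requested)
    # Treat backslashes as separators so "..\\" cannot slip past the check.
    decoded = decoded.replace("\\", "/")
    # NUL would truncate the path in C-level filesystem calls.
    if "\x00" in decoded:
        return None
    # An absolute path can never be "relative to base".
    if decoded.startswith("/"):
        return None
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    if candidate != base and not candidate.startswith(base + "/"):
        return None
    return candidate


# Constructed sample requests covering the usual evasion shapes.
SAMPLE_REQUESTS = [
    "css/site.css",
    "css/../img/logo.png",
    "../../etc/passwd",
    "..%2f..%2fetc%2fpasswd",
    "..\\..\\etc\\passwd",
    "/etc/passwd",
    "css/site.css\x00.png",
]


def audit(requests: Iterable[str]) -> Dict[str, Optional[str]]:
    """Run every sample through the guard; None marks a rejected request."""
    return {r: resolve_under_base(BASE_DIR, r) for r in requests}


if __name__ == "__main__":
    for req, result in audit(SAMPLE_REQUESTS).items():
        print(f"{req!r:32} -> {result}")
```

The lexical check is deliberate so the example runs offline and deterministically; on a live server you would additionally canonicalise the final path with `os.path.realpath` and repeat the containment test, because a symlink inside the base directory can point outside it and a purely lexical check cannot see that.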
CVE-2024-36513 (CVSS 8.2)
FortiClient Windows could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially crafted request via the lua auto patch function, an authenticated attacker could exploit this vulnerability to escalate privileges.
CVE-2023-50176 (CVSS 7.1)
Fortinet FortiOS could allow a remote attacker to hijack a user's session. By persuading a victim to open a specially crafted web page, an attacker could exploit this vulnerability to gain access to another user's session.
CVE-2024-47574 (CVSS 7.8)
Fortinet FortiClientWindows could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request PSM, an attacker could exploit this vulnerability to bypass access restrictions and read arbitrary files on the system.
CVE-2024-23666 (CVSS 7.1)
Fortinet FortiAnalyzer-BigData could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions and read arbitrary files on the system.
CVE-2024-47575 (CVSS 9.8)
Fortinet FortiManager could allow a remote attacker to execute arbitrary code on the system, caused by a missing-authentication-for-critical-function vulnerability in the fgfmd daemon. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or commands on the system.
Impact
- Privilege Escalation
- Gain Access
- Security Bypass
- Code Execution
Indicators of Compromise
CVE
- CVE-2023-34990
- CVE-2024-36513
- CVE-2023-50176
- CVE-2024-47574
- CVE-2024-23666
- CVE-2024-47575
Affected Vendors
- Fortinet
Affected Products
- Fortinet FortiManager 7.0.0
- Fortinet FortiManager 7.2.0
- Fortinet FortiManager 7.4.0
- Fortinet FortiOS 7.0.13
- Fortinet FortiOS 7.2.7
- Fortinet FortiOS 7.4.3
- Fortinet FortiManager 7.6.0
- Fortinet FortiWLM 8.6.0 through 8.6.5, 8.5.0 through 8.5.4
- Fortinet FortiClientWindows 7.2.4
- Fortinet FortiClientWindows 7.0.12
- Fortinet FortiOS 7.4.0, 7.2.0, 7.0.0
- Fortinet FortiAnalyzer-BigData 7.4.1
- Fortinet FortiAnalyzer-BigData 7.2.4
- Fortinet FortiAnalyzer-BigData 6.4.14
- Fortinet FortiClientWindows 7.4.0, 7.2.0, 7.0.0, 6.4.0
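Matching an asset inventory against an advisory's affected versions is where string comparison quietly goes wrong ("8.10.0" sorts before "8.6.5" as text). The snippet below is an added example for this page, not Fortinet tooling: it parses dotted versions into padded integer tuples and checks them against inclusive ranges. Only the FortiWLM ranges are encoded, because they are the only product for which this advisory states explicit bounds (8.6.0 through 8.6.5 and 8.5.0 through 8.5.4); the host names and versions in the inventory are constructed.

```python
from typing import Dict, Iterable, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str, width: int = 3) -> Version:
    """'8.6.5' -> (8, 6, 5); '8.6' -> (8, 6, 0).

    Padding to a fixed width keeps '8.6' equal to '8.6.0' instead of sorting
    below it, and integer tuples compare numerically rather than as text.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = tuple(int(p) for p in parts)
    if len(nums) > width:
        raise ValueError(f"more than {width} components: {text!r}")
    return nums + (0,) * (width - len(nums))


# Inclusive affected ranges, taken from the advisory text for CVE-2023-34990.
AFFECTED_RANGES: Dict[str, List[Tuple[str, str]]] = {
    "FortiWLM": [("8.6.0", "8.6.5"), ("8.5.0", "8.5.4")],
}


def is_affected(product: str, version: str) -> bool:
    """True when version falls inside any advisory range for product."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES.get(product, []):
        if parse_version(low) <= v <= parse_version(high):
            return True
    return False


# Constructed sample inventory: (host, product, version).
INVENTORY = [
    ("wlm-01", "FortiWLM", "8.6.2"),
    ("wlm-02", "FortiWLM", "8.6.6"),
    ("wlm-03", "FortiWLM", "8.5.4"),
    ("wlm-04", "FortiWLM", "8.5.10"),
    ("wlm-05", "FortiWLM", "8.4.9"),
    ("wlm-06", "FortiWLM", "8.6"),
]


def flag_inventory(inventory: Iterable[Tuple[str, str, str]]) -> List[str]:
    """Return the hosts whose product/version is in an affected range."""
    return [host for host, product, ver in inventory if is_affected(product, ver)]


if __name__ == "__main__":
    for host in flag_inventory(INVENTORY):
        print(f"{host}: affected, schedule upgrade")
```

Note that the check is only as good as the ranges you encode: a fixed version that shares a prefix with an affected branch (8.6.6 here) must sit strictly outside the inclusive upper bound, and a version with fewer components than the advisory uses is padded rather than guessed.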
Remediation
Refer to the Fortinet security advisories for each CVE for patch, upgrade, or suggested workaround information.