83r71n

Fortinet has revealed vulnerabilities in its FortiOS, FortiProxy, FortiClient Linux, and FortiClient Mac products, including a critical one that could allow remote code execution. This critical flaw, identified as CVE-2023-45590, has a high severity score and could enable an attacker to execute arbitrary code by tricking a user into visiting a malicious website. Other high-severity issues affect FortiOS and FortiProxy, where credentials are not adequately protected. A specific flaw (CVE-2023-41677) might allow an attacker to steal the administrator cookie under certain conditions. Additionally, FortiClientMac has vulnerabilities due to a lack of configuration file validation. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about the potential for cyber threat actors to exploit these vulnerabilities.
https://www.fortiguard.com/psirt/FG-IR-23-087
https://www.fortiguard.com/psirt/FG-IR-23-345
https://www.fortiguard.com/psirt/FG-IR-23-493
#cybersecurity #fortinet #fortios #fortiproxy #forticlient #linux #mac #vulnerability #cve #cisa