FortiClientLinux Code Injection Vulnerability Allows Unauthorized Code Execution
CVE-2023-45590
9.4 CRITICAL
Key Information
- Vendor
- Fortinet
- Status
- Forticlientlinux
- Vendor
- CVE Published:
- 9 April 2024
Badges
📰 News Worthy
Summary
An improper control of generation of code ('code injection') vulnerability in Fortinet FortiClientLinux versions 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands by tricking a FortiClientLinux user into visiting a malicious website.
Affected Version(s)
FortiClientLinux = 7.2.0
FortiClientLinux <= 7.0.10
FortiClientLinux <= 7.0.4
News Articles
Fortinet patches FortiClientLinux critical RCE vulnerability
The vulnerability is due to a “dangerous nodejs configuration” and has a CVSS score of 9.4.
2 weeks ago
Fortinet patches FortiClientLinux critical RCE vulnerability
The vulnerability is due to a “dangerous nodejs configuration” and has a CVSS score of 9.4.
8 months ago
References
CVSS V3.1
Score: 9.4
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
First article discovered by SC Media
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database
Mitre Database
2 News Article(s)