FortiClientLinux Code Injection Vulnerability Allows Unauthorized Code Execution

CVE-2023-45590

9.4 CRITICAL

Key Information

Vendor: Fortinet
Product: FortiClientLinux
CVE Published: 9 April 2024

Badges

📰 News Worthy

Summary

An improper control of generation of code ('code injection') vulnerability in Fortinet FortiClientLinux versions 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows an attacker to execute unauthorized code or commands by tricking a FortiClientLinux user into visiting a malicious website.

Affected Version(s)

FortiClientLinux = 7.2.0

FortiClientLinux <= 7.0.10

FortiClientLinux <= 7.0.4

News Articles

Fortinet patches FortiClientLinux critical RCE vulnerability

The vulnerability is due to a “dangerous nodejs configuration” and has a CVSS score of 9.4.


CVSS V3.1

Score: 9.4
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • First article discovered by SC Media

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 2 News Article(s)