FortiClientLinux Code Injection Vulnerability Allows Unauthorized Code Execution

CVE-2023-45590

9.4CRITICAL

Key Information

Vendor: Fortinet
Status: Forticlientlinux
Vendor: CVE Published:; 9 April 2024

Badges

📰 News Worthy

Summary

An improper control of generation of code ('code injection') in Fortinet FortiClientLinux version 7.2.0, 7.0.6 through 7.0.10 and 7.0.3 through 7.0.4 allows attacker to execute unauthorized code or commands via tricking a FortiClientLinux user into visiting a malicious website

Affected Version(s)

FortiClientLinux = 7.2.0

FortiClientLinux <= 7.0.10

FortiClientLinux <= 7.0.4

News Articles

SC Media

CVE-2023-48788CVE-2023-45590

Fortinet patches FortiClientLinux critical RCE vulnerability

The vulnerability is due to a “dangerous nodejs configuration” and has a CVSS score of 9.4.

7 months ago

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

First article discovered by SC Media
Apr 10, 2024
Vulnerability published.
Apr 9, 2024
Vulnerability Reserved.
Oct 9, 2023

Collectors

NVD DatabaseMitre Database1 News Article(s)