FortiClientLinux Code Injection Vulnerability Allows Unauthorized Code Execution
CVE-2023-45590

8.8HIGH

Key Information:

Vendor: Fortinet
Status: Forticlientlinux
Vendor: CVE Published:; 9 April 2024

🔔 Create Fortinet Vulnerability Alert

Badges

📰 News Worthy

What is CVE-2023-45590?

A vulnerability reported in Fortinet's FortiClientLinux allows for code injection due to improper handling of code generation. This security flaw affects specific versions of the software, including 7.2.0 and versions from 7.0.3 to 7.0.10. Attackers can exploit this vulnerability by tricking users into accessing a malicious website, potentially allowing unauthorized code execution on their systems, which could lead to further compromises.

Affected Version(s)

FortiClientLinux 7.2.0

FortiClientLinux 7.0.6 <= 7.0.10

FortiClientLinux 7.0.3 <= 7.0.4

News Articles

CVE-2023-48788 CVE-2023-45590

Fortinet patches FortiClientLinux critical RCE vulnerability

The vulnerability is due to a “dangerous nodejs configuration” and has a CVSS score of 9.4.

thmubnail image

CVE-2023-48788 CVE-2023-45590

Fortinet patches FortiClientLinux critical RCE vulnerability

The vulnerability is due to a “dangerous nodejs configuration” and has a CVSS score of 9.4.

thmubnail image

References

https://fortiguard.com/psirt/FG-IR-23-087

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by SC Media
Apr 10, 2024
Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Oct 9, 2023

.