FortiClientLinux Code Injection Vulnerability Allows Unauthorized Code Execution
CVE-2023-45590

8.8HIGH

Key Information:

Vendor
Fortinet
Status
Forticlientlinux
Vendor
CVE Published:
9 April 2024

Badges

📰 News Worthy

Summary

A vulnerability reported in Fortinet's FortiClientLinux allows for code injection due to improper handling of code generation. This security flaw affects specific versions of the software, including 7.2.0 and versions from 7.0.3 to 7.0.10. Attackers can exploit this vulnerability by tricking users into accessing a malicious website, potentially allowing unauthorized code execution on their systems, which could lead to further compromises.

Affected Version(s)

FortiClientLinux 7.2.0

FortiClientLinux 7.0.6 <= 7.0.10

FortiClientLinux 7.0.3 <= 7.0.4

News Articles

favicon imageSC Media

Fortinet patches FortiClientLinux critical RCE vulnerability

The vulnerability is due to a “dangerous nodejs configuration” and has a CVSS score of 9.4.

1 month ago

favicon imageSC Media

Fortinet patches FortiClientLinux critical RCE vulnerability

The vulnerability is due to a “dangerous nodejs configuration” and has a CVSS score of 9.4.

9 months ago

References

https://fortiguard.com/psirt/FG-IR-23-087

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by SC Media

  • Vulnerability published

  • Vulnerability Reserved

.