Fortinet Patches Multiple Critical Vulnerabilities Affecting FortiClient, FortiSandbox, FortiOS, and FortiProxy

Fortinet has released an urgent security advisory and patches addressing several critical and high-severity vulnerabilities in their popular security products. These vulnerabilities could expose organizations to remote code execution, unauthorized file deletion, OS command injection, and sensitive data leaks. Affected products include FortiClient (Linux and macOS), FortiSandbox, FortiOS, and FortiProxy.

Vulnerability Breakdown

• CVE-2023-45590 – FortiClient Linux Remote Code Execution (Critical)
  • A “code injection” flaw in FortiClient Linux could allow an attacker to trick a user into visiting a malicious website, leading to arbitrary code execution on the vulnerable system.
• CVE-2023-45588, CVE-2024-31492 – FortiClientMac Configuration File Vulnerability (High)
  • An attacker with local access on a macOS system could manipulate FortiClientMac configuration files to execute malicious code during installation.
• CVE-2024-23671 – FortiSandbox Arbitrary File Deletion (High)
  • Authenticated attackers with read-only access on FortiSandbox could potentially delete arbitrary files on the system by sending specially crafted HTTP requests.
• CVE-2024-21755, CVE-2024-21756 – FortiSandbox OS Command Injection (High)
  • Improper command handling by FortiSandbox could allow authenticated attackers with read-only permissions to execute unauthorized system-level commands.
• CVE-2023-41677 – FortiOS & FortiProxy Administrator Cookie Leakage (Medium)
  • Under specific conditions, attackers could trick administrators into visiting a malicious site through the SSL-VPN and obtain admin cookies, potentially compromising the system.

Impact

Successful exploitation of these vulnerabilities could result in:

• Full system compromise on devices running FortiClient
• Data exfiltration with further attack possibilities on the internal network
• Disruption of security monitoring and analysis on FortiSandbox
• Unauthorized control over firewalls and network proxies running FortiOS and FortiProxy.

Recommendations

• Prioritize immediate patching: Organizations using affected Fortinet products should apply the available patches without delay. Consult the advisory for specific update instructions.
• Review user permissions: Carefully audit user permissions in FortiSandbox to minimize the risk of privileged actions by potentially compromised read-only users.
• Enforce strong access controls: Reduce the potential for the FortiOS/FortiProxy cookie leakage issue by implementing strong access controls and user awareness about malicious websites through security training.