Fortinet launches critical security patch for FortiClientLinux vulnerability

ReportApril 11, 2024Editorial DepartmentVulnerability/Threat Mitigation

flying tower

Fortinet has released a patch to address a critical security vulnerability affecting FortiClientLinux that could be exploited to achieve arbitrary code execution.

This vulnerability is numbered CVE-2023-45590 and has a CVSS score of 9.4 out of 10.

“Code Generation Improper Control (“Code Injection”) Vulnerability [CWE-94] Fortinet stated in the announcement that “FortinetLinux” in FortinetLinux could allow an unauthenticated attacker to execute arbitrary code by tricking FortiClientLinux users into accessing a malicious website.

Internet security

The flaw, described as a situation where remote code execution occurs due to a “dangerous Nodejs configuration”, affects the following versions –

  • FortiClientLinux versions 7.0.3 to 7.0.4 and 7.0.6 to 7.0.10 (upgrade to 7.0.11 or later)
  • FortiClientLinux version 7.2.0 (upgrade to 7.2.1 or later)

Security researcher CataLpa from Dbappsecurity is credited with discovering and reporting the vulnerability.

Fortinet’s April 2024 security patch also resolves an issue in the FortiClientMac installer that could also lead to code execution (CVE-2023-45588 and CVE-2024-31492, CVSS score: 7.8).

Also resolved is a FortiOS and FortiProxy bug that could leak administrator cookies under certain circumstances (CVE-2023-41677, CVSS score: 7.5).

While there is no evidence that any of the flaws are widely exploited, users are advised to keep their systems up to date to mitigate potential threats.

Did you find this article interesting?follow us Twitter and LinkedIn to read more exclusive content from us.



Source link



from Tech Empire Solutions https://techempiresolutions.com/fortinet-launches-critical-security-patch-for-forticlientlinux-vulnerability/
via https://techempiresolutions.com/

from Tech Empire Solutions https://techempiresolutions.blogspot.com/2024/04/fortinet-launches-critical-security.html
via https://techempiresolutions.com/

Comments

Post a Comment

Popular posts from this blog

Top 3D Printing Websites

Image
Best 3-D Printing Websites Tech Empire Solutions goes into its top picks for 3-D printing websites. Best 3d printing websites by Tech Empire Solutions read more. Top Sites For STI & STL Images Cults Cults is one of the best and most known highly popular websites for 3d prints. If you want a design then cults offers a great selection of models to chose from.   Thingiverse Thingiverse is a little more than just a platform to find and download stl images. It is also a platform where creators can attain followers and submit their own designs!   Printables Printables has one of the largest selections of 3D Models to chose from. Thousands of designs that are also rated and reviewed by thousands of people on the website making it a reliable source for 3-d printing designs.   Thangs Thans is ano...
Read more

Emerging Academic Education Platforms – Sponsored By Edufox

Image
Top Leading Academic Platform   Did you wish that there was a way to make learning easier in a structured environment?   Today we are introducing a emerging education platform Edufox.   More About Edufox Edufox is based in Sweden and allows people to gain tons of education and knowledge!   They seem like great people with a great team you can meet their team on their website by clicking here The post Emerging Academic Education Platforms – Sponsored By Edufox appeared first on Tech Empire Solutions . from Tech Empire Solutions https://techempiresolutions.com/emerging-academic-education-platforms-sponsored-by-edufox/ via https://techempiresolutions.com/ from Tech Empire Solutions https://techempiresolutions.blogspot.com/2025/02/emerging-academic-education-platforms.html via https://techempiresolutions.com/
Read more

U.S. government disrupts Russian-linked cyber espionage botnet

Image
Report February 16, 2024  Editorial Department Botnet/Internet Security The U.S. government said Thursday it disrupted a botnet of hundreds of small office and home office (SOHO) routers in the country that Russia-linked APT28 attackers used to hide their malicious activities. “These crimes included large-scale spear phishing and similar credential collection operations targeting intelligence targets of interest to the Russian government, such as U.S. and foreign governments and militaries,” the U.S. Department of Justice (DoJ) said in a statement. , security and enterprise organizations.” stated. APT28, whose tracking names also include BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard (formerly known as Strontium), FROZENLAKE, Iron Twilight, Pawn Storm, Sednit, Sofacy, and TA422, has been assessed as having ties to the Russian General Directorate’s Unit 26165. There is contact with the General Administration. General Staff Unit (GRU). It is understood to have been active ...
Read more