Fortinet fixed two severe issues in FortiADC and FortiOS

Fortinet has addressed a couple of high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy.

Fortinet addressed nine security vulnerabilities affecting multiple products, including two high-severity issues, tracked as CVE-2023-27999 and CVE-2023-22640, in FortiADC, FortiOS, and FortiProxy.

The CVE-2023-27999 flaw (CVSS score 7.6) is a command injection issue in the external resource module.

“An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.” reads the advisory published by Fortinet.

The vulnerability impacts FortiADC version 7.2.0, and FortiADC version 7.1.0 through 7.1.1. The flaw was discovered by Wilfried Djettchou of Fortinet Product Security team.

The company addressed the issue with the release of FortiADC version 7.2.1 or above.

The CVE-2023-22640 flaw (CVSS score 7.1) is an out-of-bound write in the sslvpnd component of FortiOS and FortiProxy.

A threat actor can exploit the vulnerability to execute arbitrary code on vulnerable devices. An attacker can exploit the flaw by sending specifically crafted requests to the affected devices.

Below is the list of affected products:

• FortiOS version 7.2.0 through 7.2.3
• FortiOS version 7.0.0 through 7.0.10
• FortiOS version 6.4.0 through 6.4.11
• FortiOS version 6.2.0 through 6.2.13
• FortiOS 6.0 all versions
• FortiProxy version 7.2.0 through 7.2.1
• FortiProxy version 7.0.0 through 7.0.7
• FortiProxy all versions 2.0, 1.2, 1.1, 1.0

The company also shared a workaround for this vulnerability:

“Disable “Host Check”, “Restrict to Specific OS Versions” and “MAC address host checking” in sslvpn portal configuration.” reads the advisory. “For example for “full-access” sslvpn portal:

config vpn ssl web portal
edit "full-access"
set os-check disable
set host-check none
set mac-addr-check disable
end“

The vulnerability was discovered by Gwendal Guégniaud of Fortinet Product Security team

It is not clear if these vulnerabilities have been exploited by threat actors in the wild.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, FortiOS)