Fortinet fixed two severe issues in FortiADC and FortiOS

Fortinet has addressed a couple of high-severity vulnerabilities impacting FortiADC, FortiOS, and FortiProxy.

Fortinet addressed nine security vulnerabilities affecting multiple products, including two high-severity issues, tracked as CVE-2023-27999 and CVE-2023-22640, in FortiADC, FortiOS, and FortiProxy.

The CVE-2023-27999 flaw (CVSS score 7.6) is a command injection issue in the external resource module.

“An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.” reads the advisory published by Fortinet.

The vulnerability impacts FortiADC version 7.2.0, and FortiADC version 7.1.0 through 7.1.1. The flaw was discovered by Wilfried Djettchou of Fortinet Product Security team.

The company addressed the issue with the release of FortiADC version 7.2.1 or above.

The CVE-2023-22640 flaw (CVSS score 7.1) is an out-of-bound write in the sslvpnd component of FortiOS and FortiProxy.

A threat actor can exploit the vulnerability to execute arbitrary code on vulnerable devices. An attacker can exploit the flaw by sending specifically crafted requests to the affected devices.

Below is the list of affected products:

FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.10
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.13
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.1
FortiProxy version 7.0.0 through 7.0.7
FortiProxy all versions 2.0, 1.2, 1.1, 1.0

The company also shared a workaround for this vulnerability:

“Disable “Host Check”, “Restrict to Specific OS Versions” and “MAC address host checking” in sslvpn portal configuration.” reads the advisory. “For example for “full-access” sslvpn portal:

config vpn ssl web portal edit "full-access" set os-check disable set host-check none set mac-addr-check disable end“

The vulnerability was discovered by Gwendal Guégniaud of Fortinet Product Security team

It is not clear if these vulnerabilities have been exploited by threat actors in the wild.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, FortiOS)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.