Fortinet Mitigates Severe Vulnerabilities in FortiOS, FortiProxy, and FortiWeb
Fortinet, a pioneer in the cybersecurity arena, has recently patched a significant cross-site scripting (XSS) vulnerability (CVE-2023-29183) found across numerous versions of FortiOS and FortiProxy. This notable vulnerability, assigned a CVSS score of 7.3, could facilitate harmful JavaScript code execution through manipulated guest management settings, as confirmed by a Fortinet advisory.
“This may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting,” the cybersecurity firm cautioned.
On the same note, Fortinet has rectified a high-severity flaw that plagued its FortiWeb software. The flaw, identified as CVE-2023-34984 and armed with a CVSS score of 7.1, could potentially empower attackers to bypass XSS and CSRF protection. According to a warning issued by CISA, this vulnerability could enable cyber attackers to gain control over compromised systems.
Affected Fortinet Products
- FortiProxy versions from 7.2.0 to 7.2.4, and from 7.0.0 to 7.0.10
- FortiOS versions from 7.2.0 to 7.2.4, from 7.0.0 to 7.0.11, from 6.4.0 to 6.4.12, and from 6.2.0 to 6.2.14
- FortiWeb versions from 7.2.0 to 7.2.1, and from 7.0.0 to 7.0.6, including all 6.4 and 6.3 versions
Issued Patches by Fortinet
- FortiProxy versions 7.2.5 and 7.0.11 and above
- FortiOS versions 7.4.0, 7.2.5, 7.0.12, 6.4.13, and 6.2.15 and above
- FortiWeb versions 7.2.2 and 7.0.7 and above
Therefore, Fortinet recommends all its trusted customers to urgently update their switches and firewalls to safeguard their systems from potential threats that these vulnerabilities may pose.
About Fortinet
Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet’s solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.
Conclusion
Ensuring a robust cybersecurity posture plays a vital role in our increasingly connected world. Keeping your software updated is the first line of defense. We’d love to hear your thoughts on this issue. Are you a Fortinet user, and have you updated your system? Please share your experiences in the comments below.