Critical Remote Code Execution Vulnerability in FortiClientLinux Patched by Fortinet

April 10, 2024

Fortinet, a leading cybersecurity solutions provider, has recently patched a series of vulnerabilities in its multiple products. Notably, a critical remote code execution (RCE) bug in FortiClientLinux was addressed. The vulnerability, tagged as CVE-2023-45590 with a CVSS score of 9.4, is a severe security issue. It's an 'Improper Control of Generation of Code' or 'Code Injection' flaw that exists in FortiClientLinux.

An attacker, without the need for authentication, can exploit this flaw to run arbitrary code. This can be achieved by luring a user of FortiClientLinux into visiting a website specifically designed for malicious purposes. Fortinet's advisory stated, “An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.”

The issue was brought to Fortinet's attention by a security researcher from Dbappsecurity, CataLpa. The company has not disclosed whether this vulnerability has been exploited in any real-world attacks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert advising Fortinet users about the security updates released by the company to mitigate multiple vulnerabilities in its products, including OS and FortiProxy. The alert read, “Fortinet released security updates to address vulnerabilities in multiple products, including OS and FortiProxy. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.” The alert urged users and administrators to review the advisories and apply necessary updates.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.