Fortinet Issues Fixes for High-Risk Vulnerabilities in Multiple Products

September 18, 2023

Fortinet, a major cybersecurity company, has launched patches to fix a severe cross-site scripting (XSS) vulnerability that affects its enterprise-grade firewalls and switches. The vulnerability, identified as CVE-2023-29183 with a CVSS score of 7.3, impacts multiple versions of FortiOS and FortiProxy. The flaw could allow an authenticated attacker to exploit the guest management settings and execute malicious JavaScript code.

This vulnerability was discovered by Fortinet's CSE team and affects FortiProxy versions 7.0.x and 7.2.x, and FortiOS versions 6.2.x, 6.4.x, 7.0.x, and 7.2.x. To address this issue, Fortinet has released FortiProxy versions 7.0.11 and 7.2.5, and FortiOS versions 6.2.15, 6.4.13, 7.0.12, 7.2.5, and 7.4.0.

Alongside this, Fortinet also issued patches for a serious vulnerability in its web application firewall and API protection solution, FortiWeb. This flaw, identified as CVE-2023-34984 with a CVSS score of 7.1, could enable an attacker to bypass existing XSS and cross-site request forgery (CSRF) protections. The bug impacts FortiWeb versions 6.3, 6.4, 7.0.x, and 7.2.x. To address this, Fortinet released FortiWeb versions 7.0.7 and 7.2.2.

Fortinet is urging its users to update their firewalls and switches as soon as possible to mitigate these vulnerabilities. While the company has not reported any of these vulnerabilities being actively exploited, it is known that flaws in Fortinet appliances have previously been used to gain access to enterprise networks.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that exploitation of these bugs could result in full system compromise. CISA advises administrators to review Fortinet’s advisories and apply the necessary updates. As CISA notes, “A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system.”

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.