and here we go again for another round of 🩹 FortiOS / FortiProxy / FortiClientEMS
⬇️​
https://www.cisa.gov/news-events/alerts/2024/03/12/fortinet-releases-security-updates-multiple-products

CVE-2023-42789
CVE-2023-42790 FortiOS & FortiProxy - Out-of-bounds Write in captive portal (⚠️Critical)
PoC
👇​
https://github.com/CrimBit/CVE-2023-42789-POC

Affected Products
FortiOS version 7.4.0 through 7.4.1
FortiOS version 7.2.0 through 7.2.5
FortiOS version 7.0.0 through 7.0.12
FortiOS version 6.4.0 through 6.4.14
FortiOS version 6.2.0 through 6.2.15
FortiProxy version 7.4.0
FortiProxy version 7.2.0 through 7.2.6
FortiProxy version 7.0.0 through 7.0.12
FortiProxy version 2.0.0 through 2.0.13

CVE-2023-48788 Pervasive SQL injection in DAS component [FortiClientEMS] (⚠️Critical)

CVE-2023-47534 FortiClientEMS - CSV injection in log download feature

CVE-2024-23112 FortiOS & FortiProxy – Authorization bypass in SSLVPN bookmarks

CVE-2023-36554 FortiWLM MEA for FortiManager - improper access control in backup and restore features

#CyberVeille #Fortinet #FortiOS #FortiClientEMS