CVE-2023-42789, 42790, 48788, 47534, 36554, 23112 Fortinet products

by Critical Insight on March 12, 2024

This advisory is for organizations that use Fortinet products. If your organization does not use these Fortinet products, this notification may be discarded.

Summary

Fortinet has released security updates for multiple products.

Affected Platforms

Vulnerability		CVSSv3	Affected versions
CVE-2023-42789	FortiOS & FortiProxy - Out-of-bounds Write in captive portal	9.3	FortiOS version 7.4.0 through 7.4.1
CVE-2023-42790			FortiOS version 7.2.0 through 7.2.5
			FortiOS version 7.0.0 through 7.0.12
			FortiOS version 6.4.0 through 6.4.14
			FortiOS version 6.2.0 through 6.2.15
			FortiProxy version 7.4.0
			FortiProxy version 7.2.0 through 7.2.6
			FortiProxy version 7.0.0 through 7.0.12
			FortiProxy version 2.0.0 through 2.0.13
CVE-2023-48788	FortiClientEMS Pervasive SQL injection in DAS component	9.3	FortiClientEMS 7.2.0 - 7.2.2
	FortiClientEMS Pervasive SQL injection in DAS component		FortiClientEMS 7.0.1 - 7.0.10
CVE-2023-47534	FortiClientEMS - CSV injection in log download feature	8.7	FortiClientEMS 7.2.0 - 7.2.2
			FortiClientEMS 7.0.0 - 7.0.10
			6.4 all version
			6.2 all versions
			6.0 all versions
CVE-2023-36554	FortiWLM MEA for FortiManager - improper access control in backup and restore features	7.7	FortiManager 7.4.0
			FortiManager 7.2.0 - 7.2.3
			FortiManager 7.0.0 - 7.0.10
			FortiManager 6.4.0 - 6.4.13
			FortiManager 6.2 all versions
CVE-2024-23112	FortiOS & FortiProxy – Authorization bypass in SSLVPN bookmarks	7.2	FortiOS 7.4.0 - 7.4.1
			FortiOS 7.2.0 - 7.2.6
			FortiOS 7.0.1 - 7.0.13
			FortiOS 6.4.7 - 6.4.14
			FortiProxy 7.4.0 - 7.4.2
			FortiProxy 7.2.0 - 7.2.8
			FortiProxy 7.0.0 - 7.0.14