Fortinet has released patches for a dozen vulnerabilities, including a critical remote code execution (RCE) flaw, CVE-2023-45590, affecting FortiClientLinux, which could allow attackers to execute arbitrary code or commands via a malicious website. Other high-severity vulnerabilities addressed include credential protection issues in FortiOS and FortiProxy (CVE-2023-41677), arbitrary code execution in FortiClientMac (CVE-2023-45588 and CVE-2024-31492), and arbitrary file deletion or command execution in FortiSandbox (CVE-2024-23671, CVE-2024-21755, and CVE-2024-21756). While Fortinet hasn’t noted any active exploitation, users are urged to apply patches promptly to mitigate potential risks. CISA advises users to update their Fortinet appliances due to the severity of the vulnerabilities.
Read more: https://www.securityweek.com/fortinet-patches-critical-rce-vulnerability-in-forticlientlinux/