Table of Contents
December 4, 2023
|15m
Breaking Down the Latest June 2023 Monthly PSIRT Advisory Report From Fortinet
Fortinet has recently released its June 2023 Monthly PSIRT Advisory Report, which we’ve covered in this detailed report. This report describes newly released security vulnerabilities affecting Fortinet products. We’ve also added a separate table in the report that describes all the products affected by these vulnerabilities.
Through this report, you will understand the severity of each vulnerability, the steps needed to mitigate the risks and take the necessary actions to enhance the security structure against potential threats.
Summary of June 2023 Monthly PSIRT Advisory Report
The Fortinet report released has the following key points:
The report listed 22 vulnerabilities, out of which 1 is critical, 7 are classified as High, 12 as Medium and 2 as Low.
The products affected by these 22 vulnerabilities may include FortiOS, FortiProxy, FortiSIEM, FortiADC, FortiNAC, FortiManager, FortiAnalyzer, FortiWeb, FortiClientWindows, FortiADCManager, FortiSaaawitcahManager, FortiConverter, and FortiOS-6K7K.
A vulnerability identified as Critical CVE-2023-27997 is a heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
Vulnerabilities by Category:
The June 2023 Monthly PSIRT Advisory Report presents 21 vulnerabilities affecting multiple FortiGate products. Below is a table giving the overview of each vulnerability type identified in the report:
| Vulnerability Type | Number of Occurrences |
| NULL pointer dereference [CWE-476] vulnerability | 3 |
| Command Injection [CWE-78] vulnerability | 2 |
| incorrect default permissions [CWE-276] vulnerability | 1 |
| Server-side request forgery (SSRF) vulnerability [CWE-918] | 1 |
| Access control vulnerability [CWE-284] | 2 |
| Access of uninitialized pointer vulnerability [CWE-824] | 1 |
| Format string vulnerability [CWE-134] | 2 |
| Heap-based buffer overflow vulnerability [CWE-122] | 1 |
| Improper certificate validation vulnerability [CWE-295] | 1 |
| Out-of-bounds write vulnerability [CWE-787] | 1 |
| Insertion of sensitive information into log file vulnerability [CWE-532] | 1 |
| Relative path traversal vulnerability [CWE-23] | 1 |
| Loop with unreachable exit condition (‘Infinite Loop’) vulnerability [CWE-835] | 1 |
| Cleartext transmission of sensitive information vulnerability [CWE-319] | 1 |
| Improper restriction of excessive authentication attempts [CWE-307] | 1 |
| Plaintext storage of a password vulnerability [CWE-256] | 1 |
| Broken or risky cryptographic algorithm [CWE-327] | 1 |
Vulnerabilities by Product
Please refer to this table if you want to know the list of vulnerabilities by the Fortinet products.
| Fortinet Product | Number of Occurrence |
| FortiOS | 12 |
| FortiProxy | 9 |
| FortiADC | 2 |
| FortiNAC | 2 |
| FortiSIEM | 2 |
| FortiManager | 1 |
| FortiAnalyzer | 1 |
| FortiWeb | 1 |
| FortiClientWindows | 1 |
| FortiADCManager | 1 |
| FortiSwitchManager | 1 |
| FortiConverter | 1 |
| FortiOS-6K7K | 1 |
Comprehensive List of Vulnerabilities Patched in June 2023 Monthly PSIRT Advisory Report
This table shows the break down of all the 22 vulnerabilities published in June 2023 Monthly PSIRT Advisory Report.
| CVE | Summary | CVSSv3 Score | Severity | Products Affected | Product Fixed |
| CVE-2023-27997 | A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. | 9.2 | Critical | FortiOS-6K7K version 7.0.10 FortiOS-6K7K version 7.0.5 FortiOS-6K7K version 6.4.12 FortiOS-6K7K version 6.4.10 FortiOS-6K7K version 6.4.8 FortiOS-6K7K version 6.4.6 FortiOS-6K7K version 6.4.2 FortiOS-6K7K version 6.2.9 through 6.2.13 FortiOS-6K7K version 6.2.6 through 6.2.7 FortiOS-6K7K version 6.2.4 FortiOS-6K7K version 6.0.12 through 6.0.16 FortiOS-6K7K version 6.0.10 FortiProxy version 7.2.0 through 7.2.3 FortiProxy version 7.0.0 through 7.0.9 FortiProxy version 2.0.0 through 2.0.12 FortiProxy 1.2 all versions FortiProxy 1.1 all versions FortiOS version 7.2.0 through 7.2.4 FortiOS version 7.0.0 through 7.0.11 FortiOS version 6.4.0 through 6.4.12 FortiOS version 6.2.0 through 6.2.13 FortiOS version 6.0.0 through 6.0.16 | Workaround: Disable SSL-VPN. Please upgrade to FortiOS-6K7K version 7.0.12 or above Please upgrade to FortiOS-6K7K version 6.4.13 or above Please upgrade to FortiOS-6K7K version 6.2.15 or above Please upgrade to FortiOS-6K7K version 6.0.17 or above Please upgrade to FortiProxy version 7.2.4 or above Please upgrade to FortiProxy version 7.0.10 or above Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.12 or above Please upgrade to FortiOS version 6.4.13 or above Please upgrade to FortiOS version 6.2.14 or above Please upgrade to FortiOS version 6.0.17 or above |
| CVE-2023-29181 | A use of externally-controlled format string vulnerability [CWE-134] in the Fclicense daemon of FortiOS may allow a remote authenticated attacker to execute arbitrary code or commands via specially crafted requests. | 8.3 | High | FortiOS version 7.2.0 through 7.2.4 FortiOS version 7.0.0 through 7.0.11 FortiOS version 6.4.0 through 6.4.12 FortiOS version 6.2.0 through 6.2.14 FortiOS 6.0 all versions | Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.12 or above Please upgrade to FortiOS version 6.4.13 or above Please upgrade to FortiOS version 6.2.15 or above |
| CVE-2022-42478 | An improper restriction of excessive authentication attempts [CWE-307] in FortiSIEM may allow a unauthenticated user with access to several endpoints to perform a brute force attack on these endpoints. | 8.1 | High | FortiSIEM version 6.7.0 FortiSIEM 6.6 all versions FortiSIEM 6.5 all versions FortiSIEM 6.4 all versions FortiSIEM 6.3 all versions FortiSIEM 6.2 all versions FortiSIEM 6.1 all versions FortiSIEM 5.4 all versions FortiSIEM 5.3 all versions FortiSIEM 5.2 all versions FortiSIEM 5.1 all versions | Please upgrade to FortiSIEM version 7.0.0 or above Please upgrade to FortiSIEM version 6.7.1 or above |
| CVE-2023-26210 | Multiple improper neutralization of special elements used in an os command (‘OS Command Injection‘) vulnerabilties [CWE-78] in FortiADC & FortiADC Manager may allow a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests. | 7.8 | High | FortiADC version 7.2.0 FortiADC version 7.1.0 through 7.1.2 FortiADC 7.0 all versions FortiADC 6.2 all versions FortiADC 6.1 all versions FortiADC 6.0 all versions FortiADC 5.4 all versions FortiADC 5.3 all versions FortiADC 5.2 all versions At least FortiADCManager version 7.1.0 FortiADCManager version 7.0.0 FortiADCManager 6.2 all versions FortiADCManager 6.1 all versions FortiADCManager 6.0 all versions FortiADCManager 5.4 all versions FortiADCManager 5.3 all versions FortiADCManager 5.2 all versions | Please upgrade to FortiADC version 7.2.1 or above Please upgrade to FortiADC version 7.1.3 or above Please upgrade to FortiADCManager version 7.2.0 or above Please upgrade to FortiADCManager version 7.1.1 or above Please upgrade to FortiADCManager version 7.0.1 or above |
| CVE-2022-41327 | A cleartext transmission of sensitive information vulnerability [CWE-319] in FortiOS & FortiProxy may allow an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands. | 7.6 | High | FortiOS version 7.2.0 through 7.2.4 FortiOS version 7.0.0 through 7.0.8 FortiProxy version 7.2.0 through 7.2.1 FortiProxy version 7.0.0 through 7.0.7 | Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.9 or above Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above |
| VE-2023-29180 | A NULL pointer dereference vulnerability [CWE-476] in FortiOS may allow a remote unauthenticated attacker to crash the SSL-VPN daemon via specially crafted HTTP requests. | 7.3 | High | FortiOS version 7.2.0 through 7.2.4 FortiOS version 7.0.0 through 7.0.11 FortiOS version 6.4.0 through 6.4.12 FortiOS version 6.2.0 through 6.2.14 FortiOS version 6.0.0 through 6.0.16 | Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.12 or above Please upgrade to FortiOS version 6.4.13 or above Please upgrade to FortiOS version 6.2.15 or above Please upgrade to FortiOS version 6.0.17 or above |
| CVE-2022-39946 | An access control vulnerability [CWE-284] in FortiNAC may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests. | 7.2 | High | At least FortiNAC version 9.4.0 through 9.4.2 FortiNAC 9.2.0 through 9.2.7 FortiNAC 9.1 all versions FortiNAC 8.8 all versions FortiNAC 8.7 all versions FortiNAC 8.6 all versions FortiNAC 8.5 all versions | Please upgrade to FortiNAC-F version 7.2.0 or above Please upgrade to FortiNAC version 9.4.3 or above Please upgrade to FortiNAC version 9.2.8 or above |
| CVE-2023-22633 | An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation. | 7.2 | High | At least FortiNAC-F version 7.2.0 FortiNAC version 9.4.0 through 9.4.1 FortiNAC version 9.2.0 through 9.2.6 FortiNAC version 9.1.0 through 9.1.8 FortiNAC 8.8.0 all versions FortiNAC 8.7.0 all versions | Please upgrade to FortiNAC-F version 7.2.1 or above Please upgrade to FortiNAC version 9.4.2 or above Please upgrade to FortiNAC version 9.2.7 or above Please upgrade to FortiNAC version 9.1.9 or above |
| CVE-2022-33877 | An incorrect default permissions [CWE-276] vulnerability in FortiClient (Windows) and FortiConverter (Windows) may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConvreter is installed in an insecure folder. | 6.8 | Medium | FortiClientWindows version 7.0.0 through 7.0.6 FortiClientWindows version 6.4.0 through 6.4.8 FortiConverter version 7.0.0 FortiConverter 6.2 all versions FortiConverter 6.0 all versions | Please upgrade to FortiClientWindows version 7.0.7 or above Please upgrade to FortiClientWindows version 6.4.9 or above Please upgrade to FortiConverter version 7.0.1 or above Please upgrade to FortiConverter version 6.2.2 or above |
| CVE-2023-33306 | A NULL pointer dereference vulnerability [CWE-476] in SSL-VPN may allow an authenticated remote attacker to trigger a crash of the SSL-VPN service via crafted requests. | 6.4 | Medium | FortiOS version 7.2.0 through 7.2.4 FortiOS version 7.0.0 through 7.0.10 FortiProxy version 7.2.0 through 7.2.2 FortiProxy version 7.0.0 through 7.0.8 | Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.11 or above Please upgrade to FortiOS version 6.4.13 or above Please upgrade to FortiProxy version 7.2.4 or above Please upgrade to FortiProxy version 7.2.3 or above Please upgrade to FortiProxy version 7.0.9 or above Please upgrade to FortiProxy version 7.0.10 or above |
| CVE-2023-29179 | A NULL pointer dereference vulnerability [CWE-476] in FortiOS may allow an authenticated attacker to crash the SSL-VPN daemon via specially crafted HTTP requests to the /proxy endpoint | 6.4 | Medium | FortiOS version 7.2.0 through 7.2.4 FortiOS version 7.0.0 through 7.0.11 FortiOS version 6.4.0 through 6.4.12 | Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.12 or above Please upgrade to FortiOS version 6.4.13 or above |
| CVE-2023-28000 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments in diagnose system df CLI command. | 6.3 | Medium | FortiADC version 7.1.0 FortiADC version 7.0.0 through 7.0.3 FortiADC version 6.2.0 through 6.2.4 FortiADC 6.1 all versions FortiADC 6.0 all versions | Please upgrade to FortiADC version 7.1.1 or above Please upgrade to FortiADC version 7.0.4 or above Please upgrade to FortiADC version 6.2.5 or above |
| CVE-2022-43953 | A format string vulnerability [CWE-134] in the command line interpreter of FortiOS and FortiProxy may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments. | 6.3 | Medium | FortiOS version 7.2.0 through 7.2.4 FortiOS all versions 7.0, 6.4, 6.2 FortiProxy version 7.2.0 through 7.2.1 FortiProxy version 7.0.0 through 7.0.7 | Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.12 or above Please upgrade to FortiOS version 6.4.13 or above |
| CVE-2023-22639 | An out-of-bounds write vulnerability [CWE-787] in Command Line Interface of FortiOS and FortiProxy may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted commands. | 6.3 | Medium | FortiOS version 7.2.0 through 7.2.3 FortiOS version 7.0.0 through 7.0.10 FortiOS version 6.4.0 through 6.4.12 FortiOS 6.2 all versions FortiOS 6.0 all versions FortiProxy version 7.2.0 through 7.2.2 FortiProxy version 7.0.0 through 7.0.8 FortiProxy 2.0 all versions FortiProxy 1.2 all versions FortiProxy 1.1 all versions FortiProxy 1.0 all versions | Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.4 or above Please upgrade to FortiOS version 7.0.11 or above Please upgrade to FortiOS version 6.4.13 or above Please upgrade to FortiProxy version 7.2.3 or above Please upgrade to FortiProxy version 7.0.9 or above |
| CVE-2022-42474 | Use of a broken or risky cryptographic algorithm [CWE-327] in FortiSIEM may allow a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods. | 6.2 | Medium | FortiOS version 7.2.0 through 7.2.3 FortiOS version 7.0.0 through 7.0.9 FortiOS version 6.4.0 through 6.4.12 FortiOS 6.2 all versions FortiSwitchManager version 7.2.0 through 7.2.1 FortiSwitchManager version 7.0.0 through 7.0.1 FortiProxy version 7.2.0 through 7.2.1 FortiProxy version 7.0.0 through 7.0.7 FortiProxy version 2.0.0 through 2.0.11 FortiProxy 1.2 all versions FortiProxy 1.1 all versions FortiProxy 1.0 all versions | Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.4 or above Please upgrade to FortiOS version 7.0.10 or above Please upgrade to FortiOS version 6.4.13 or above Please upgrade to FortiSwitchManager version 7.2.2 or above Please upgrade to FortiSwitchManager version 7.0.2 or above Please upgrade to FortiProxy version 7.2.2 or above Please upgrade to FortiProxy version 7.0.8 or above Please upgrade to FortiProxy version 2.0.12 or above |
| CVE-2022-43949 | The use of a broken or risky cryptographic algorithm [CWE-327] in FortiSIEM may allow a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods. | 5.9 | Medium | FortiSIEM version 6.7.0 through 6.7.1 FortiSIEM 6.6 all versions FortiSIEM 6.5 all versions FortiSIEM 6.4 all versions FortiSIEM 6.3 all versions FortiSIEM 6.2 all versions FortiSIEM 6.1 all versions FortiSIEM 5.4 all versions FortiSIEM 5.3 all versions | Please upgrade to FortiSIEM version 7.0.0 or above Please upgrade to FortiSIEM version 6.7.2 or above |
| CVE-2023-33305 | A loop with unreachable exit condition (‘Infinite Loop’) vulnerability [CWE-835] in FortiOS, FortiProxy and Fortiweb may allow an authenticated attacker to perform a denial of service via a specially crafted firmware image. | 4.9 | Medium | FortiWeb version 7.2.0 through 7.2.1 FortiWeb version 7.0.0 through 7.0.6 FortiWeb 6.4 all versions FortiWeb 6.3 all versions FortiOS version 7.2.0 through 7.2.4 FortiOS version 7.0.0 through 7.0.10 FortiOS 6.4 all versions FortiOS 6.2 all versions FortiOS 6.0 all versions FortiProxy version 7.2.0 through 7.2.3 FortiProxy version 7.0.0 through 7.0.9 FortiProxy 2.0 all versions FortiProxy 1.2 all versions FortiProxy 1.1 all versions FortiProxy 1.0 all versions | Please upgrade to FortiPAM version 1.0.0 or above Please upgrade to FortiWeb version 7.2.2 or above Please upgrade to FortiWeb version 7.0.7 or above Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.11 or above Please upgrade to FortiProxy version 7.2.4 or above Please upgrade to FortiProxy version 7.0.10 or above |
| CVE-2023-29175 | An improper certificate validation vulnerability [CWE-295] in FortiOS and FortiProxy may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard’s map server. | 4.4 | Medium | FortiOS 7.2.0 FortiOS 7.0.0 through 7.0.10 FortiOS 6.4 all versions FortiOS 6.2 all versions FortiProxy version 7.2.0 through 7.2.3 FortiProxy version 7.0.0 through 7.0.9 FortiProxy 2.0 all versions FortiProxy 1.2 all versions | Please upgrade to FortiOS version 7.2.1 or above Please upgrade to FortiOS version 7.0.11 or above Please upgrade to FortiProxy version 7.2.4 or above Please upgrade to FortiProxy version 7.0.10 or above |
| CVE-2023-25609 | A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests. | 4.2 | Medium | FortiAnalyzer version 7.2.0 through 7.2.1 FortiAnalyzer version 7.0.0 through 7.0.6 FortiAnalyzer version 6.4.8 through 6.4.11 FortiManager version 7.2.0 through 7.2.1 FortiManager version 7.0.0 through 7.0.6 FortiManager version 6.4.8 through 6.4.11 | Please upgrade to FortiAnalyzer version 7.2.2 or above Please upgrade to FortiAnalyzer version 7.0.7 or above Please upgrade to FortiAnalyzer version 6.4.12 or above Please upgrade to FortiManager version 7.2.2 or above Please upgrade to FortiManager version 7.0.7 or above Please upgrade to FortiManager version 6.4.12 or above |
| CVE-2023-29178 | An access of uninitialized pointer vulnerability [CWE-824] in FortiOS administrative interface API may allow an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests. | 4.1 | Medium | FortiProxy version 7.2.0 through 7.2.3 FortiProxy version 7.0.0 through 7.0.9 FortiProxy 2.0 all versions FortiProxy 1.2 all versions FortiProxy 1.1 all versions FortiOS version 7.2.0 through 7.2.4 FortiOS version 7.0.0 through 7.0.11 FortiOS 6.4 all versions FortiOS 6.2 all versions FortiOS 6.0 all versions | Please upgrade to FortiProxy version 7.2.4 or above Please upgrade to FortiProxy version 7.0.10 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.12 or above |
| CVE-2023-26204 | A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. | 3.6 | Low | FortiSIEM 6.7 all versions FortiSIEM 6.6 all versions FortiSIEM 6.5 all versions FortiSIEM 6.4 all versions FortiSIEM 6.3 all versions FortiSIEM 6.2 all versions FortiSIEM 6.1 all versions FortiSIEM 5.4 all versions FortiSIEM 5.3 all versions | Please upgrade to FortiSIEM version 7.0.0 or above |
| CVE-2023-26207 | An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS / FortiProxy log events may allow a remote authenticated attacker to read certain passwords in plain text. | 3.3 | Low | FortiOS 7.2 all versions FortiProxy version 7.2.0 through 7.2.1 FortiProxy 7.0 all versions | Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiProxy version 7.2.2 or above |
This report presents complete detail about the June 2023 Monthly PSIRT Advisory Report Fortinet released on June 12, 2023. With this report, you can stay up to date with all newly released vulnerabilities and the recommended steps to take to avoid getting affected by it. You can also share this post and contribute to making the digital world securer and protected. If you want to have more regular posts on topics like these, please visit our website thesecmaster.com and follow us on our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, and Medium, and subscribe to our content.
Breaking Down the Latest February 2023 Monthly PSIRT Advisory Report From Fortinet
Breaking Down the Latest May 2023 Monthly PSIRT Advisory Report From Fortinet
Breaking Down the March 2023 Monthly PSIRT Advisory Report From Fortinet
How to Fix CVE-2023-27997- A Critical Heap-Based Buffer Overflow Vulnerability in FortiOS?
Breaking Down the Latest April 2023 Monthly PSIRT Advisory Report From Fortinet
Arun KL
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
- April 18, 2024
Learn Something New with Free Email subscription
Learn Something New with Free Email subscription
Subscribe
Subscribe
Subscribe
Subscribe
- April 18, 2024
