Reference:
Advisory #2023-110
Version:
1.0
Affected software:
FortiOS version 6.2.0 through 6.2.14
FortiOS version 6.4.0 through 6.4.12
FortiOS version 7.0.0 through 7.0.11
FortiOS version 7.2.0 through 7.2.4
FortiProxy version 7.0.0 through 7.0.10
FortiProxy version 7.2.0 through 7.2.4
FortiWeb 6.3 all versions
FortiWeb 6.4 all versions
FortiWeb version 7.0.0 through 7.0.6
FortiWeb version 7.2.0 through 7.2.1
Type:
Remote Code Execution (RCE)
CVE/CVSS:
CVE-2023-29183
CVSS score: 7.3 (high)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
https://fortiguard.com/psirt/FG-IR-23-068
https://www.fortiguard.com/psirt/FG-IR-23-106
Fortinet released security fixes for two vulnerabilities that can lead to remote code execution. Both vulnerabilities have a high impact on all three properties of the CIA triad (Confidentiality, Integrity, Availability).
The US Cybersecurity and Infrastructure Security Agency (CISA) warns that exploitation of these flaws could lead to full system compromise.
The Centre for Cyber Security Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyze system and network logs for any suspicious activity. If your organization has already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident.
CVE-2023-29183 is an improper neutralization of input during web page generation (cross-site scripting) vulnerability in FortiOS and FortiProxy, both Fortinet products. An authenticated attacker who successfully exploits this vulnerability can trigger execution of malicious JavaScript code via crafted guest management settings.
CVE-2023-34984 is a protection mechanism failure in FortiWeb, Fortinet's web application firewall. Successful exploitation may allow an attacker to bypass the XSS (cross-site scripting) and CSRF (cross-site request forgery) protections that FortiWeb applies to the web applications behind it.
The Centre for Cyber Security Belgium strongly recommends upgrading to a fixed release:
For CVE-2023-34984
Upgrade to FortiWeb version 7.2.2 or above
Upgrade to FortiWeb version 7.0.7 or above
For CVE-2023-29183
Upgrade to FortiProxy version 7.2.5 or above
Upgrade to FortiProxy version 7.0.11 or above
Upgrade to FortiOS version 7.4.0 or above
Upgrade to FortiOS version 7.2.5 or above
Upgrade to FortiOS version 7.0.12 or above
Upgrade to FortiOS version 6.4.13 or above
Upgrade to FortiOS version 6.2.15 or above
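As an added example (not part of the CCB advisory and not Fortinet code), the affected and fixed ranges listed in this advisory encoded as data and applied to a device inventory, so that a fleet export can be checked in bulk rather than host by host. The host names, version strings and build numbers in the inventory are constructed; the version parser assumes that either a bare "X.Y.Z" string or the "FortiGate-xxx vX.Y.Z,build..." form printed by `get system status` is available. Branches that the advisory does not list (for example FortiOS 7.4, which is only named as a fixed target) are reported as "not_listed" rather than silently treated as safe.

```python
import re

# Affected ranges copied from the advisory:
# (product, branch, first_affected, last_affected, fixed_on_branch, cve)
# last_affected=None means "all versions" on that branch and no fix on that branch.
AFFECTED = [
    ("FortiOS",    "6.2", (6, 2, 0), (6, 2, 14), (6, 2, 15), "CVE-2023-29183"),
    ("FortiOS",    "6.4", (6, 4, 0), (6, 4, 12), (6, 4, 13), "CVE-2023-29183"),
    ("FortiOS",    "7.0", (7, 0, 0), (7, 0, 11), (7, 0, 12), "CVE-2023-29183"),
    ("FortiOS",    "7.2", (7, 2, 0), (7, 2, 4),  (7, 2, 5),  "CVE-2023-29183"),
    ("FortiProxy", "7.0", (7, 0, 0), (7, 0, 10), (7, 0, 11), "CVE-2023-29183"),
    ("FortiProxy", "7.2", (7, 2, 0), (7, 2, 4),  (7, 2, 5),  "CVE-2023-29183"),
    ("FortiWeb",   "6.3", (6, 3, 0), None,       None,       "CVE-2023-34984"),
    ("FortiWeb",   "6.4", (6, 4, 0), None,       None,       "CVE-2023-34984"),
    ("FortiWeb",   "7.0", (7, 0, 0), (7, 0, 6),  (7, 0, 7),  "CVE-2023-34984"),
    ("FortiWeb",   "7.2", (7, 2, 0), (7, 2, 1),  (7, 2, 2),  "CVE-2023-34984"),
]

# Minimum fixed releases per product, from the advisory's upgrade recommendations.
MINIMUM_FIXED = {
    "FortiOS":    ["6.2.15", "6.4.13", "7.0.12", "7.2.5", "7.4.0"],
    "FortiProxy": ["7.0.11", "7.2.5"],
    "FortiWeb":   ["7.0.7", "7.2.2"],
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return the first X.Y.Z triple in `text` as a tuple of ints.

    Assumption: the input is either a bare 'X.Y.Z' / 'vX.Y.Z' string or the
    'FortiGate-100F v7.0.11,build...' form that `get system status` prints.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no X.Y.Z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def fmt(version):
    return ".".join(str(part) for part in version)


def assess(product, version_text):
    """Classify one device against the advisory's ranges."""
    version = parse_version(version_text)
    branch = f"{version[0]}.{version[1]}"
    for prod, br, first, last, fixed, cve in AFFECTED:
        if prod != product or br != branch:
            continue
        # Branch is listed: either inside the affected window or already fixed.
        if last is None or first <= version <= last:
            if fixed is not None:
                action = f"upgrade to {product} {fmt(fixed)} or above"
            else:
                action = (f"no fixed release on branch {branch}; move to {product} "
                          + " / ".join(MINIMUM_FIXED[product]) + " or above")
            return {"status": "vulnerable", "cve": cve,
                    "version": fmt(version), "action": action}
        return {"status": "fixed", "cve": cve, "version": fmt(version), "action": "none"}
    if product not in MINIMUM_FIXED:
        return {"status": "unknown_product", "cve": None,
                "version": fmt(version), "action": "product not covered by this advisory"}
    # Branch not named in the affected list: do not assume safe, verify with the vendor.
    return {"status": "not_listed", "cve": None, "version": fmt(version),
            "action": "branch not in advisory; confirm against the vendor PSIRT entries"}


def assess_inventory(inventory):
    """inventory: iterable of (hostname, product, version_text). Returns [(hostname, result)]."""
    return [(host, assess(product, version_text)) for host, product, version_text in inventory]


# Constructed sample inventory (host names, versions and build strings are made up).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS",    "FortiGate-100F v7.0.11,build0000,230101 (GA.F)"),
    ("fw-edge-02", "FortiOS",    "v7.2.5"),
    ("proxy-01",   "FortiProxy", "7.0.10"),
    ("waf-01",     "FortiWeb",   "6.4.3"),
    ("waf-02",     "FortiWeb",   "7.2.2"),
    ("fw-lab-01",  "FortiOS",    "v7.4.1"),
]


def vulnerable_hosts(inventory):
    """Host names whose device falls inside an affected range."""
    return [host for host, result in assess_inventory(inventory)
            if result["status"] == "vulnerable"]


if __name__ == "__main__":
    for host, result in assess_inventory(SAMPLE_INVENTORY):
        print(f"{host:12} {result['version']:8} {result['status']:15} "
              f"{result['cve'] or '-':16} {result['action']}")
```

The check is deliberately conservative: a device on an unlisted branch is flagged for manual confirmation instead of being reported as unaffected, and FortiWeb 6.3/6.4 hosts are told to move to a supported branch because the advisory lists no fixed release for them.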