About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
RedLegg will include a brief description of the vulnerability, whether or not an active exploit or POC exists, and then a link to an update, if any, exists. If no update exists, there will be remediation or mitigation suggestions to limit each vulnerability's risk.
On June 13, 2023 Fortinet released an advisory detailing multiple vulnerabilities in unpatched Fortinet products that can be leveraged to gain remote code execution, and subsequently, initial access into an organization. Fortinet advises their customers to enroll in receiving alerts from the Fortinet Product Security Incident Response Team (PSIRT) for future advisories related to vulnerabilities in Fortinet products.
VULNERABILITIES
HEAP BUFFER OVERFLOW IN SSL-VPN
PRE-AUTHENTICATION VULNERABILITY
Identifier: CVE-2023-27997
CVSS Score: 9.2
Exploit or POC: No
Advisory Link: fortiguard.com/psirt/FG-IR-23-097
Description: CVE-2023-27997 allows for remote code execution. Opportunities to exploit this vulnerability present themselves in a way that allows for the bypass of various types of authentication including multi-factor authentication.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest FortiOS versions as mentioned in the vendor advisory.
NULL POINTER DE-REFERENCE
IN SSLVPND VULNERABILITY
Identifier: CVE-2023-29180
CVSS Score: 7.3
Exploit or POC: No
Advisory Link: fortiguard.com/psirt/FG-IR-23-111
Description: CVE-2023-29180 allows for remote code execution. Successful exploitation could allow an unauthenticated attacker to crash the SSL-VPN daemon.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest FortiOS versions as mentioned in the vendor advisory.
OUT-OF-BOUND-WRITE
IN SSLVPND VULNERABILITY
Identifier: CVE-2023-22640
CVSS Score: 7.1
Exploit or POC: No
Advisory Link: fortiguard.com/psirt/FG-IR-22-475
Description: CVE-2023-22640 allows for remote code execution. The SSLVPND contains an out-of-bounds vulnerability that would allow an attacker to transmit tailored requests in an attempt to execute remote code . Authentication is required for successful exploitation.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest FortiOS versions as mentioned in the vendor advisory.
FORMAT STRING BUG IN FCLICENSE
DAEMON VULNERABILITY
Identifier: CVE-2023-29181
CVSS Score: 8.3
Exploit or POC: No
Advisory Link: fortiguard.com/psirt/FG-IR-23-119
Description: CVE-2023-29181 allows for remote code execution. FortiOS Fclicense daemon contains a flaw in the externally-controlled string formatting. Authentication is required to successfully exploit this vulnerability.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest FortiOS versions as mentioned in the vendor advisory.
NULL POINTER DE-REFERENCE IN SSLVPND PROXY ENDPOINT VULNERABILITY
Identifier: CVE-2023-29179
CVSS Score: 6.4
Exploit or POC: No
Advisory Link: fortiguard.com/psirt/FG-IR-23-125
Description: CVE-2023-29179 allows for remote code execution. Successful exploitation could allow an authenticated attacker to crash the SSL-VPN daemon.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest FortiOS versions as mentioned in the vendor advisory.
OPEN REDIRECT IN SSLVPND VULNERABILITY
Identifier: CVE-2023-22641
CVSS Score: 4.1
Exploit or POC: No
Advisory Link: fortiguard.com/psirt/FG-IR-22-479
Description: CVE-2023-2641 allows for URL redirection. Authentication is required to successfully exploit this vulnerability. This vulnerability could allow an attacker to redirect users to an untrusted website using a specially crafted URL.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest FortiOS versions as mentioned in the vendor advisory.
