Fortinet FortiOS Flaw

A high-severity cross-site scripting (XSS) vulnerability, tracked as CVE-2023-29183 and affecting several FortiOS and FortiProxy versions, has been patched by Fortinet.

Additionally, the cybersecurity firm provided updates for a high-severity flaw in FortiWeb, tracked as CVE-2023-34984.

“A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system,” CISA warns.

CVE-2023-29183 – FortiOS & FortiProxy

The vulnerability, tracked as CVE-2023-29183 (CVSS score of 7.3), is an improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in the FortiOS and FortiProxy GUI.

“This may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting,” Fortinet said in its advisory.


Affected Products

  • FortiProxy version 7.2.0 through 7.2.4
  • FortiProxy version 7.0.0 through 7.0.10
  • FortiOS version 7.2.0 through 7.2.4
  • FortiOS version 7.0.0 through 7.0.11
  • FortiOS version 6.4.0 through 6.4.12
  • FortiOS version 6.2.0 through 6.2.14

Patch Available

  • FortiProxy version 7.2.5 or above
  • FortiProxy version 7.0.11 or above
  • FortiOS version 7.4.0 or above
  • FortiOS version 7.2.5 or above
  • FortiOS version 7.0.12 or above
  • FortiOS version 6.4.13 or above
  • FortiOS version 6.2.15 or above

CVE-2023-34984 – FortiWeb

The vulnerability, tracked as CVE-2023-34984 (CVSS score of 7.1), is a protection mechanism failure in FortiWeb that may allow an attacker to bypass its XSS and CSRF protections.

Affected Products

  • FortiWeb version 7.2.0 through 7.2.1
  • FortiWeb version 7.0.0 through 7.0.6
  • FortiWeb 6.4, all versions
  • FortiWeb 6.3, all versions

Patch Available

  • FortiWeb version 7.2.2 or above
  • FortiWeb version 7.0.7 or above
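The two affected/patched lists above are easy to misread by hand (for example, FortiOS 7.0.11 is still affected while FortiProxy 7.0.11 is the fixed build). The following is an added example, not Fortinet tooling or code from the advisories: it encodes the version ranges exactly as listed on this page and reports, for a given product and version, which of the two CVEs applies and the first fixed build on that branch. The product names and the dotted-version comparison are assumptions for illustration.

```python
"""Check a Fortinet product/version pair against the affected ranges for
CVE-2023-29183 and CVE-2023-34984 as listed on this page.

Added example code; the ranges are copied from the lists above, the product
naming and the comparison logic are assumptions.
"""
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '7.0.11' into (7, 0, 11) so versions compare numerically, not as strings."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


# (product, first affected, last affected, first fixed), one entry per branch.
# A None upper bound means every release on that branch is affected and the
# page lists no fixed build for it (FortiWeb 6.3 and 6.4).
AFFECTED_RANGES = {
    "CVE-2023-29183": [
        ("FortiProxy", "7.2.0", "7.2.4", "7.2.5"),
        ("FortiProxy", "7.0.0", "7.0.10", "7.0.11"),
        ("FortiOS", "7.2.0", "7.2.4", "7.2.5"),
        ("FortiOS", "7.0.0", "7.0.11", "7.0.12"),
        ("FortiOS", "6.4.0", "6.4.12", "6.4.13"),
        ("FortiOS", "6.2.0", "6.2.14", "6.2.15"),
    ],
    "CVE-2023-34984": [
        ("FortiWeb", "7.2.0", "7.2.1", "7.2.2"),
        ("FortiWeb", "7.0.0", "7.0.6", "7.0.7"),
        ("FortiWeb", "6.4", None, None),
        ("FortiWeb", "6.3", None, None),
    ],
}


def in_range(version: str, first: str, last: Optional[str]) -> bool:
    """True if version lies within [first, last]; a None last means the whole branch."""
    v = parse_version(version)
    lo = parse_version(first)
    if last is None:
        # Whole-branch entry: match on the leading components only (6.4.x, 6.3.x).
        return v[: len(lo)] == lo
    return lo <= v <= parse_version(last)


def assess(product: str, version: str) -> List[Tuple[str, Optional[str]]]:
    """Return (cve, first_fixed_build) for every listed range the version falls in.

    An empty list means the version is outside all affected ranges on this page;
    a None fixed build means the page lists no patched release for that branch.
    """
    findings = []
    for cve, ranges in AFFECTED_RANGES.items():
        for prod, first, last, fixed in ranges:
            if prod == product and in_range(version, first, last):
                findings.append((cve, fixed))
    return findings


if __name__ == "__main__":
    # Constructed inventory lines, as an operator might export them from a fleet.
    inventory = [
        ("FortiOS", "7.0.11"),      # affected, fix is 7.0.12
        ("FortiProxy", "7.0.11"),   # same number, but this is the fixed FortiProxy build
        ("FortiOS", "7.4.0"),       # listed only as a fixed release
        ("FortiWeb", "6.4.3"),      # whole 6.4 branch affected, no fixed build listed
        ("FortiWeb", "7.2.2"),      # fixed
    ]
    for product, version in inventory:
        hits = assess(product, version)
        if not hits:
            print(f"{product} {version}: not in a listed affected range")
        for cve, fixed in hits:
            remedy = f"upgrade to {fixed} or above" if fixed else "no fixed build listed on this branch"
            print(f"{product} {version}: affected by {cve}; {remedy}")
```

Because matching is keyed on the product name, the same version number on different products is handled correctly, and the whole-branch entries for FortiWeb 6.3 and 6.4 are flagged without a fixed build, which is the signal that the remedy is moving to a supported branch rather than a point release.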

Hence, Fortinet users are urged to upgrade affected devices as soon as possible.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.