Severity Level: High
Title:
Security Updates- Fortinet
Summary:
1. CVE-2023-50176 (FortiOS) • CVSS v3 Score: 7.1 (High) • A session fixation vulnerability that may allow an unauthenticated attacker to hijack user sessions via a phishing SAML authentication link
2. CVE-2024-47574 (FortiClient Windows) • CVSS v3 Score: 7.4 (High) • An authentication bypass vulnerability that may allow a low-privilege attacker to execute arbitrary code with high privileges via spoofed named pipe messages
3. CVE-2024-36513 (FortiClient Windows) • CVSS v3 Score: 7.4 (High) • A privilege context switching error that may allow an authenticated user to escalate their privileges via lua auto patch scripts
4. CVE-2024-23666 (FortiAnalyzer) • CVSS v3 Score: 7.1 (High) • Details not provided in the given information.
5. CVE-2024-36513 (FortiAnalyzer) • CVSS v3 Score: 7.4 (High) • A client-side enforcement of server-side security vulnerability that may allow an authenticated attacker with at least read-only permission to execute sensitive operations via crafted requests
Recommendations:.
upgrade the affected versions to the fixed versions at the earliest.
References:
click here