Fortinet Releases Security Updates for FortiClient and FortiGate - 20231115005

Overview

Fortinet has released security advisories addressing vulnerabilities in FortiClient and FortiGate. Cyber threat actors may exploit some of these vulnerabilities to take control of an affected system.

What is the vulnerability?

• CVE-2022-40681 - CVSS v3 Base Score: 7.1
• CVE-2023-41840 - CVSS v3 Base Score: 7.4
• CVE-2023-38545 - CVSS v3 Base Score: 8.1

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

• FortiClient (Windows) - Arbitrary file deletion from unprivileged users (CVE-2022-40681)
• FortiClient (Windows) - DLL Hijacking via openssl.cnf (CVE-2023-41840)
• curl and libcurl vulnerabilities (CVE-2023-38545)