Summary
Fortinet has released security updates for a remote code vulnerability. The vulnerability, CVE-2023-29183 (CVSS 7.3, high), is a cross-site scripting (XSS) flaw in the FortiOS and FortiProxy GUI. It allows an authenticated attacker to trigger malicious JavaScript code via a crafted guest management setting.
Affected products
- FortiProxy version 7.2.0 through 7.2.4
- FortiProxy version 7.0.0 through 7.0.10
- FortiOS version 7.2.0 through 7.2.4
- FortiOS version 7.0.0 through 7.0.11
- FortiOS version 6.4.0 through 6.4.12
- FortiOS version 6.2.0 through 6.2.14
Security updates
Fortigate has provided security updates for the affected products:
- upgrade to FortiProxy version 7.2.5 or above
- upgrade to FortiProxy version 7.0.11 or above
- upgrade to FortiOS version 7.4.0 or above
- upgrade to FortiOS version 7.2.5 or above
- upgrade to FortiOS version 7.0.12 or above
- upgrade to FortiOS version 6.4.13 or above
- upgrade to FortiOS version 6.2.15 or above
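
To check a device inventory against the affected ranges above, the following added example (not part of the original advisory or any Fortinet tooling) compares versions numerically, so that 7.0.10 sorts after 7.0.9. The inventory rows, hostnames and the function names are assumptions made for illustration.

```python
import re

# Affected ranges and fixed releases, transcribed from the lists on this page.
# (product, branch) -> (first affected, last affected, first fixed in branch)
AFFECTED = {
    ("FortiProxy", (7, 2)): ((7, 2, 0), (7, 2, 4), (7, 2, 5)),
    ("FortiProxy", (7, 0)): ((7, 0, 0), (7, 0, 10), (7, 0, 11)),
    ("FortiOS", (7, 2)): ((7, 2, 0), (7, 2, 4), (7, 2, 5)),
    ("FortiOS", (7, 0)): ((7, 0, 0), (7, 0, 11), (7, 0, 12)),
    ("FortiOS", (6, 4)): ((6, 4, 0), (6, 4, 12), (6, 4, 13)),
    ("FortiOS", (6, 2)): ((6, 2, 0), (6, 2, 14), (6, 2, 15)),
}

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'v7.2.4' or '7.0.11'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def check(product, version_text):
    """Return (status, fixed_version); status is 'affected' or 'not listed'."""
    ver = parse_version(version_text)
    entry = AFFECTED.get((product, ver[:2]))
    # Integer tuple comparison avoids the string-sort trap ('7.0.10' < '7.0.9').
    if entry and entry[0] <= ver <= entry[1]:
        return "affected", ".".join(map(str, entry[2]))
    return "not listed", None

def audit(inventory):
    """inventory: iterable of (hostname, product, version string) rows."""
    findings = []
    for host, product, version_text in inventory:
        status, fixed = check(product, version_text)
        if status == "affected":
            findings.append((host, product, version_text, fixed))
    return findings

# Constructed sample inventory; hostnames are made up for this example.
SAMPLE = [
    ("fw-edge-01", "FortiOS", "v7.2.4"),
    ("fw-edge-02", "FortiOS", "7.0.12"),
    ("fw-branch-03", "FortiOS", "6.4.12"),
    ("proxy-01", "FortiProxy", "7.0.10"),
    ("proxy-02", "FortiProxy", "7.2.5"),
    ("fw-lab-04", "FortiOS", "7.4.0"),
]

if __name__ == "__main__":
    for host, product, ver, fixed in audit(SAMPLE):
        print(f"{host}: {product} {ver} is affected, upgrade to {fixed} or above")
```

A result of "not listed" only means the version is outside the ranges given on this page; it does not cover branches the page does not mention.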