CVE-2023-42789, 42790, 48788, 47534, 36554, 23112 Fortinet products | Critical Insight

Vulnerability

CVSSv3

Affected versions

CVE-2023-42789

FortiOS & FortiProxy - Out-of-bounds Write in captive portal

9.3

FortiOS version 7.4.0 through 7.4.1

CVE-2023-42790

FortiOS version 7.2.0 through 7.2.5

FortiOS version 7.0.0 through 7.0.12

FortiOS version 6.4.0 through 6.4.14

FortiOS version 6.2.0 through 6.2.15

FortiProxy version 7.4.0

FortiProxy version 7.2.0 through 7.2.6

FortiProxy version 7.0.0 through 7.0.12

FortiProxy version 2.0.0 through 2.0.13

CVE-2023-48788

FortiClientEMS Pervasive SQL injection in DAS component

9.3

FortiClientEMS 7.2.0 - 7.2.2

FortiClientEMS 7.0.1 - 7.0.10

CVE-2023-47534

FortiClientEMS - CSV injection in log download feature

8.7

FortiClientEMS 7.2.0 - 7.2.2

FortiClientEMS 7.0.0 - 7.0.10

6.4 all version

6.2 all versions

6.0 all versions

CVE-2023-36554

FortiWLM MEA for FortiManager - improper access control in backup and restore features

7.7

FortiManager 7.4.0

FortiManager 7.2.0 - 7.2.3

FortiManager 7.0.0 - 7.0.10

FortiManager 6.4.0 - 6.4.13

FortiManager 6.2 all versions

CVE-2024-23112

FortiOS & FortiProxy – Authorization bypass in SSLVPN bookmarks

7.2

FortiOS 7.4.0 - 7.4.1

FortiOS 7.2.0 - 7.2.6

FortiOS 7.0.1 - 7.0.13

FortiOS 6.4.7 - 6.4.14

FortiProxy 7.4.0 - 7.4.2

FortiProxy 7.2.0 - 7.2.8

FortiProxy 7.0.0 - 7.0.14