Новости компьютерной безопасности:

  Latest News

Fortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code

• 20-09-23 ... 10:07 С сайта: Vulnerability(cybersecuritynews.com)
• Вернуться к списку новостей

С сайта: Vulnerability(cybersecuritynews.com)

Fortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code

Author: Guru

A high-severity cross-site scripting (XSS) vulnerability tracked as (CVE-2023-29183) affecting several FortiOS and FortiProxy versions has been patched by Fortinet.

Additionally, the cybersecurity firm provided updates for a high-severityflaw in FortiWeb, tracked as (CVE-2023-34984).

“A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system,” CISA warns.

CVE-2023-29183 – FortiOS & FortiProxy
The vulnerability was tracked as CVE-2023-29183 (CVSS score of 7.3) in FortiOS and FortiProxy GUI. An inappropriate neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability exists.

“This may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting,” Fortinet said in its advisory.

Affected Products

• FortiProxy version 7.2.0 through 7.2.4
• FortiProxy version 7.0.0 through 7.0.10
• FortiOS version 7.2.0 through 7.2.4
• FortiOS version 7.0.0 through 7.0.11
• FortiOS version 6.4.0 through 6.4.12
• FortiOS version 6.2.0 through 6.2.14

Patch Available

• FortiProxy version 7.2.5 or above
• FortiProxy version 7.0.11 or above
• FortiOS version 7.4.0 or above
• FortiOS version 7.2.5 or above
• FortiOS version 7.0.12 or above
• FortiOS version 6.4.13 or above
• FortiOS version 6.2.15 or above

CVE-2023-34984 – FortiWeb
The vulnerability was tracked as CVE-2023-34984 (CVSS score of 7.1) in FortiWeb. A protection mechanism failure vulnerability may allow an attacker to bypass XSS and CSRF protection.

Affected Products

• FortiWeb version 7.2.0 through 7.2.1
• FortiWeb version 7.0.0 through 7.0.6
• FortiWeb 6.4, all versions
• FortiWeb 6.3, all versions

Patch Available

• FortiWeb version 7.2.2 or above
• FortiWeb version 7.0.7 or above

Hence, users of Fortinet are urged to upgrade their switches and firewalls as soon as possible.





#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability

Оригинальная версия на сайте: Fortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code

Вернуться к списку новостей

• Share:
• Twitter
• Facebook
• Vkontakte
• Skype
• WhatsApp
• Telegram
• Mail

К свежим новостям Здесь был google AdSense.
Вместо рекламы товаров началась политическая агитация.
Отключено до получения извинений.

Вернуться к списку новостей Здесь был google AdSense.
Вместо рекламы товаров началась политическая агитация.
Отключено до получения извинений.