An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.
Severity: Critical with a 9.4/10 CVSS score ⚠️
Exploitation Status: No evidence yet of exploitation in the wild
CVE ID: CVE-2023-45590
Exploitation of vulnerability CVE-2023-45590 could lead to the execution of unauthorized code or commands, and potentially allow an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.
| Version | Affected | Remediation |
|---|---|---|
| FortiClientLinux 7.2 | 7.2.0 | Upgrade to 7.2.1 or above |
| FortiClientLinux 7.0 | 7.0.3 through 7.0.4, 7.0.6 through 7.0.10 | Upgrade to 7.0.11 or above |
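The affected ranges above are not contiguous (7.0.5 and everything before 7.0.3 are not listed), and version strings such as 7.0.10 sort incorrectly when compared as text, so a quick triage script is easy to get wrong. The following is an added example, not code from Digital Hands or Fortinet, that encodes the advisory's table as numeric inclusive ranges and reports whether a given FortiClientLinux version string is affected and which release to upgrade to. How the installed version string is collected from a host is assumed to be handled by the caller.

```python
"""Triage helper for CVE-2023-45590: map a FortiClientLinux version string to the
advisory's affected ranges and the recommended upgrade target.

Assumption: the caller supplies the installed version string (e.g. from an
inventory export); this script does not query FortiClientLinux itself.
"""

from typing import NamedTuple, Optional, Tuple


class AffectedRange(NamedTuple):
    low: Tuple[int, int, int]   # inclusive lower bound
    high: Tuple[int, int, int]  # inclusive upper bound
    upgrade_to: str             # fixed release from the advisory table


def parse_version(text: str) -> Tuple[int, int, int]:
    """Convert '7.0.10' to (7, 0, 10) so comparisons are numeric.

    Comparing the raw strings would be wrong: '7.0.10' < '7.0.9' lexically.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiClientLinux version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


# Ranges taken directly from the advisory table (inclusive on both ends).
AFFECTED = [
    AffectedRange(parse_version("7.2.0"), parse_version("7.2.0"), "7.2.1"),
    AffectedRange(parse_version("7.0.3"), parse_version("7.0.4"), "7.0.11"),
    AffectedRange(parse_version("7.0.6"), parse_version("7.0.10"), "7.0.11"),
]


def check(version: str) -> dict:
    """Return whether `version` is in an affected range and the upgrade target.

    Versions outside every listed range (7.0.5, 7.0.0-7.0.2, 7.2.1+, 7.0.11+)
    are reported as not affected because the advisory does not list them.
    """
    v = parse_version(version)
    upgrade: Optional[str] = None
    for r in AFFECTED:
        if r.low <= v <= r.high:
            upgrade = r.upgrade_to
            break
    return {"version": version, "affected": upgrade is not None, "upgrade_to": upgrade}


if __name__ == "__main__":
    # Constructed sample inventory: version strings as a caller might supply them.
    for sample in ["7.0.10", "7.0.5", "7.2.0", "7.2.1", "7.0.2", "7.0.11"]:
        print(sample, check(sample))
```

Feeding an inventory export through `check()` gives a per-host affected/not-affected verdict plus the target release, which is what a patch ticket needs; the numeric tuple comparison is the part worth keeping even if the ranges are later updated.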
Without any signs of exploitation and the absence of published Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs), Digital Hands remains vigilant in monitoring for any new developments and updates regarding CVE-2023-45590. Stay tuned for further information as we continue to keep a close eye on this topic to ensure the security of FortiClientLinux users.