Blog | Digital Hands

CVE-2023-45590 Digital Hands Security Bulletin FortiClient Linux RCE

Written by Digital Hands | Apr 11, 2024 4:20:51 PM

An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.

CVE-2023-45590 details

Severity: Critical with a 9.4/10 CVSS score ⚠️

Exploitation Status: No evidence yet of exploitation in the wild

CVE ID: CVE-2023-45590

Impact

Exploitation of vulnerability CVE-2023-45590 could lead to the execution of unauthorized code or commands, and potentially allow an unauthenticated attacked to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.

Recommendation for CVE-2023-45590

Version Affected Remediation
FortiClientLinux 7.2 7.2.0 Upgrade to 7.2.1 or above
FortiClientLinux 7.0 7.0.3 through 7.0.4 Upgrade to 7.0.11 or above
7.0.6 through 7.0.10

 

References

  1. FortiGuard Labs
  2. The Hacker News

What is Digital Hands Doing?

Without any signs of exploitation and the absence of published Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs), Digital Hands remains vigilant in monitoring for any new developments and updates regarding CVE-2023-45590. Stay tuned for further information as we continue to keep a close eye on this topic to ensure the security of FortiClientLinux users.