Fortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code

A high-severity cross-site scripting (XSS) vulnerability tracked as (CVE-2023-29183) affecting several FortiOS and FortiProxy versions has been patched by Fortinet.

Additionally, the cybersecurity firm provided updates for a high-severity flaw in FortiWeb, tracked as (CVE-2023-34984).

“A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system,” CISA warns.

CVE-2023-29183 – FortiOS & FortiProxy

The vulnerability was tracked as CVE-2023-29183 (CVSS score of 7.3) in FortiOS and FortiProxy GUI. An inappropriate neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability exists.

“This may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting,” Fortinet said in its advisory.

Document

FREE Webinar

Live DDoS Attack Simulation

Attend the Live DDoS Website & API Attack Simulation webinar to gain knowledge on various types of attacks and how to prevent them.

Affected Products

FortiProxy version 7.2.0 through 7.2.4

FortiProxy version 7.0.0 through 7.0.10

FortiOS version 7.2.0 through 7.2.4

FortiOS version 7.0.0 through 7.0.11

FortiOS version 6.4.0 through 6.4.12

FortiOS version 6.2.0 through 6.2.14

Patch Available

FortiProxy version 7.2.5 or above

FortiProxy version 7.0.11 or above

FortiOS version 7.4.0 or above

FortiOS version 7.2.5 or above

FortiOS version 7.0.12 or above

FortiOS version 6.4.13 or above

FortiOS version 6.2.15 or above

CVE-2023-34984 – FortiWeb

The vulnerability was tracked as CVE-2023-34984 (CVSS score of 7.1) in FortiWeb. A protection mechanism failure vulnerability may allow an attacker to bypass XSS and CSRF protection.

Affected Products

FortiWeb version 7.2.0 through 7.2.1

FortiWeb version 7.0.0 through 7.0.6

FortiWeb 6.4, all versions

FortiWeb 6.3, all versions

Patch Available

FortiWeb version 7.2.2 or above

FortiWeb version 7.0.7 or above

Hence, users of Fortinet are urged to upgrade their switches and firewalls as soon as possible.

Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.

The post Fortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code appeared first on Cyber Security News.

Cyber Security News

September 20, 2023

A high-severity cross-site scripting (XSS) vulnerability tracked as (CVE-2023-29183) affecting several FortiOS and FortiProxy versions has been patched by Fortinet.

Additionally, the cybersecurity firm provided updates for a high-severity flaw in FortiWeb, tracked as (CVE-2023-34984).

“A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system,” CISA warns.

CVE-2023-29183 – FortiOS & FortiProxy

“This may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting,” Fortinet said in its advisory.

Document

FREE Webinar

Live DDoS Attack Simulation

Attend the Live DDoS Website & API Attack Simulation webinar to gain knowledge on various types of attacks and how to prevent them.

Affected Products

FortiProxy version 7.2.0 through 7.2.4

FortiProxy version 7.0.0 through 7.0.10

FortiOS version 7.2.0 through 7.2.4

FortiOS version 7.0.0 through 7.0.11

FortiOS version 6.4.0 through 6.4.12

FortiOS version 6.2.0 through 6.2.14

Patch Available

FortiProxy version 7.2.5 or above

FortiProxy version 7.0.11 or above

FortiOS version 7.4.0 or above

FortiOS version 7.2.5 or above

FortiOS version 7.0.12 or above

FortiOS version 6.4.13 or above

FortiOS version 6.2.15 or above

CVE-2023-34984 – FortiWeb

The vulnerability was tracked as CVE-2023-34984 (CVSS score of 7.1) in FortiWeb. A protection mechanism failure vulnerability may allow an attacker to bypass XSS and CSRF protection.

Affected Products

FortiWeb version 7.2.0 through 7.2.1

FortiWeb version 7.0.0 through 7.0.6

FortiWeb 6.4, all versions

FortiWeb 6.3, all versions

Patch Available

FortiWeb version 7.2.2 or above

FortiWeb version 7.0.7 or above

Hence, users of Fortinet are urged to upgrade their switches and firewalls as soon as possible.

Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.

The post Fortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code appeared first on Cyber Security News.

Cyber Security News

About The Author

See author's posts

Related Stories

Sublime Security Raises $150 Million for Email Security Platform

A Quarter of Scam Victims Have Considered Self-Harm

Industrial Giants Schneider Electric and Emerson Named as Victims of Oracle Hack