Rewterz Threat Advisory – Multiple Fortinet FortiSIEM Vulnerabilities
June 13, 2023
Rewterz Threat Advisory – Fortinet FortiOS, FortiProxy and FortiSwitchManager Vulnerabilities
June 13, 2023
Severity
High
Analysis Summary
CVE-2023-33877
Fortinet FortiClientWindows and FortiConverter could allow a local authenticated attacker to execute arbitrary code on the system because of an incorrect default permissions flaw. An attacker could exploit this vulnerability by sending a specially crafted request with files in the installation folder.
Impact
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-33877
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiClientWindows 7.0.0
- Fortinet FortiClientWindows 6.4.0
- Fortinet FortiClientWindows 6.4.8
- Fortinet FortiClientWindows 7.0.6
- Fortinet FortiConverter 6.0
- Fortinet FortiConverter 6.2
- Fortinet FortiConverter 7.0
Remediation
Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.
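The advisory attributes CVE-2023-33877 to incorrect default permissions on files in the installation folder. The PowerShell below is an added example, not code from Rewterz or Fortinet: it lists Allow ACL entries that grant write-type rights to principals outside a small trusted set. The function name, the `-InstallPath` parameter and the trusted-SID list are assumptions made for illustration, and the installation path must be supplied by the operator.

```powershell
# Added example (not vendor code): find ACL entries under an installation
# folder that let non-administrative principals create, replace or delete files.
function Get-WeakInstallAcl {
    [CmdletBinding()]
    param(
        # Assumption: the operator passes the product's installation folder.
        [Parameter(Mandatory)]
        [string] $InstallPath
    )

    # Specific rights that allow planting or swapping a file, plus the raw
    # GENERIC_ALL / GENERIC_WRITE bits that can appear on inherit-only entries.
    $writeBits   = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $genericBits = 0x10000000 -bor 0x40000000

    # Principals expected to hold write access (assumed baseline, adjust locally).
    $trusted = @(
        'S-1-5-18',       # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',   # BUILTIN\Administrators
        'S-1-3-0',        # CREATOR OWNER (inherit-only placeholder)
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
    )

    $items = @(Get-Item -LiteralPath $InstallPath -Force) +
             @(Get-ChildItem -LiteralPath $InstallPath -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        $acl   = Get-Acl -LiteralPath $item.FullName
        # Ask for SIDs directly so localized or unresolvable names do not matter.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if ($trusted -contains $rule.IdentityReference.Value) { continue }
            $rights = [int]$rule.FileSystemRights
            if (($rights -band $writeBits) -or ($rights -band $genericBits)) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Sid       = $rule.IdentityReference.Value
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

# Usage (placeholder path, replace with the real installation folder):
# Get-WeakInstallAcl -InstallPath '<installation folder>' | Format-Table -AutoSize
```

Each row returned is a file or folder that a principal outside the trusted list can modify. An empty result does not replace applying the fix referenced in the FortiGuard advisory.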