Severity
High
Analysis Summary
CVE-2023-40714 CVSS:9.9
Fortinet FortiSIEM could allow a remote authenticated attacker to traverse directories on the system, caused by a relative path traversal vulnerability in file upload components. By sending a specially crafted HTTP request, an attacker could replace arbitrary files on the underlying filesystem and gain elevated privileges on the system.
CVE-2023-34992 CVSS:9.8
Fortinet FortiSIEM could allow a remote attacker to execute arbitrary commands on the system, caused by OS command injection. By sending specially crafted HTTP requests, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2023-40718 CVSS:7.5
Fortinet FortiOS IPS engine could allow a remote attacker to bypass security restrictions, caused by an interpretation conflict vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to evade NGFW policies or IPS Engine protection.
CVE-2023-41841 CVSS:8.1
Fortinet FortiOS could allow a remote authenticated attacker to bypass security restrictions, caused by an improper authorization vulnerability in FortiOS’s WEB UI component. By sending a specially crafted request, an attacker could exploit this vulnerability to perform elevated actions.
CVE-2023-37935 CVSS:6.5
Fortinet FortiOS could allow a remote authenticated attacker to obtain sensitive information, caused by plain-text credentials in GET requests. By reading the GET requests, a remote authenticated attacker could exploit this vulnerability to obtain sensitive information.
CVE-2023-33301 CVSS:6.5
Fortinet FortiOS could allow a remote attacker to bypass security restrictions, caused by improper access control. An attacker could exploit this vulnerability to access restricted resources from non-trusted hosts.
CVE-2023-41675 CVSS:5.3
Fortinet FortiOS and FortiProxy are vulnerable to a denial of service, caused by a use-after-free vulnerability. By sending a specially crafted request, a remote attacker could exploit this vulnerability to crash the Web Proxy process.
CVE-2023-36555 CVSS:3.9
Fortinet FortiOS could allow a remote authenticated attacker to bypass security restrictions, caused by an improper authorization vulnerability in FortiOS’s WEB UI component. By sending a specially crafted request, an attacker could exploit this vulnerability to perform elevated actions.
Impact
- Denial of Service
- Cross-Site Scripting
- Information Disclosure
- Gain Access
- Security Bypass
- Information Theft
Indicators Of Compromise
CVE
- CVE-2023-40714
- CVE-2023-34992
- CVE-2023-40718
- CVE-2023-41841
- CVE-2023-37935
- CVE-2023-33301
- CVE-2023-41675
- CVE-2023-36555
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiSIEM 6.4
- Fortinet FortiSIEM 6.5
- Fortinet FortiSIEM 6.6
- Fortinet FortiSIEM 6.7.0
- Fortinet FortiSIEM 6.7.1
- Fortinet FortiSIEM 6.7.5
- Fortinet FortiSIEM 7.0.0
- Fortinet FortiOS IPS engine 6.158
- Fortinet FortiOS IPS engine 7.165
- Fortinet FortiOS IPS engine 7.312
- Fortinet FortiOS 7.0.11
- Fortinet FortiOS 7.2.4
- Fortinet FortiOS 7.0.0
- Fortinet FortiOS 7.2.0
- Fortinet FortiOS 7.4.0
- Fortinet FortiOS 7.2.5
- Fortinet FortiOS 7.2.3
- Fortinet FortiOS 7.0.12
- Fortinet FortiOS 7.0.10
- Fortinet FortiProxy 7.0.0
- Fortinet FortiProxy 7.2.0
- Fortinet FortiProxy 7.0.8
- Fortinet FortiProxy 7.2.2
Remediation
Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.