Rewterz Threat Advisory – CVE-2023-1265 – GitLab Vulnerability
May 5, 2023Rewterz Threat Alert – RedLine Stealer – Active IOCs
May 5, 2023Rewterz Threat Advisory – CVE-2023-1265 – GitLab Vulnerability
May 5, 2023Rewterz Threat Alert – RedLine Stealer – Active IOCs
May 5, 2023Severity
Medium
Analysis Summary
CVE-2022-43950 CVSS:4.3
Fortinet FortiNAC could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using the defaultUrl parameter in a specially crafted URL to redirect a victim to arbitrary Web sites.
CVE-2022-45858 CVSS:4.2
Fortinet FortiNAC could provide weaker than expected security, caused by the use of a use of a weak cryptographic algorithm. An attacker could exploit this vulnerability to launch further attacks on the system.
CVE-2022-45859 CVSS:4.1
Fortinet FortiNAC could allow a local authenticated attacker to obtain sensitive information, caused by insufficiently protected credentials. An attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-26203 CVSS:6.7
Fortinet FortiNAC contains default hardcoded credentials. A local authenticated attacker could exploit this vulnerability to gain access to the system.
CVE-2023-22637 CVSS:6.5
Fortinet FortiNAC is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A local authenticated attacker could exploit this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2023-27993 CVSS:6
Fortinet FortiADC could allow a local authenticated attacker to traverse directories on the system, caused by improper validation of user-supplied input by the command line interface. An attacker could send a specially-crafted command containing “dot dot” sequences (/../) to delete arbitrary directories on the system.
CVE-2022-45860 CVSS:5.3
Fortinet FortiNAC could provide weaker than expected security, caused by a weak authentication vulnerability in the device registration page. An attacker could exploit this vulnerability to launch further attacks on the system.
CVE-2023-22640 CVSS:7.5
Fortinet FortiOS and FortiProxy could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write in sslvpnd. By sending specially crafted requests, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Gain Access
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-43950
- CVE-2022-45858
- CVE-2022-45859
- CVE-2023-26203
- CVE-2023-22637
- CVE-2023-27993
- CVE-2022-45860
- CVE-2023-22640
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiNAC 8.7
- Fortinet FortiNAC 8.8
- Fortinet FortiNAC 9.1
- Fortinet FortiNAC 9.2
- Fortinet FortiNAC 9.4.0
- Fortinet FortiADC 5.2
- Fortinet FortiADC 5.3
- Fortinet FortiADC 5.4
- Fortinet FortiADC 6.0
- Fortinet FortiADC 6.1
- Fortinet FortiADC 7.1.0
- Fortinet FortiADC 7.1.1
- Fortinet FortiADC 7.2.0
- Fortinet FortiProxy 2.0.0
- Fortinet FortiProxy 1.1
- Fortinet FortiOS 7.0.0
- Fortinet FortiProxy 7.0.0
- Fortinet FortiOS 7.2.0
- Fortinet FortiProxy 7.2.0
- Fortinet FortiProxy 1.2
- Fortinet FortiOS 6.4.0
- Fortinet FortiOS 6.2
- Fortinet FortiOS 6.0
- Fortinet FortiOS 7.2.3
- Fortinet FortiOS 6.2.12
- Fortinet FortiOS 6.4.11
- Fortinet FortiOS 7.0.9
- Fortinet FortiNAC 9.4.2
- Fortinet FortiProxy 2.0.11
Remediation
Refer to FortiGuard Advisory for patch, upgrade or suggested workaround information.