Multiple vulnerabilities in FortiTester

Published: 2023-09-27

Risk	Low
Patch available	YES
Number of vulnerabilities	3
CVE-ID	CVE-2023-36642 CVE-2023-40715 CVE-2023-40717
CWE-ID	CWE-78 CWE-312 CWE-798
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	FortiTester Server applications / Other server solutions
Vendor	Fortinet, Inc

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) OS Command Injection

EUVDB-ID: #VU81223

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-36642

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper input validation in FortiGuard explicit proxy setting within the management interface of FortiTester. A remote privileged user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FortiTester: 3.0.0 - 7.2.3

Fixed software versions

CPE2.3

cpe:2.3:a:fortinet:fortitester:7.2.3:*:*:*:*:*:*:*

External links

http://fortiguard.com/psirt/FG-IR-22-501

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Cleartext storage of sensitive information

EUVDB-ID: #VU81222

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-40715

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to FortiTeste stores in clear text passwords of external servers configured in the device. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FortiTester: 2.3.0 - 7.2.3

Fixed software versions

CPE2.3

cpe:2.3:a:fortinet:fortitester:7.2.3:*:*:*:*:*:*:*

External links

http://fortiguard.com/psirt/FG-IR-22-465

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Use of hard-coded credentials

EUVDB-ID: #VU81220

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-40717

CWE-ID:

Exploit availability:

Description

The vulnerability allows a local user to gain full access to the database.

The vulnerability exists due to presence of hard-coded credentials in application code. A local user with shell access to the system can gain unauthorized access to the mongodb database.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FortiTester: 2.3.0 - 7.2.3

Fixed software versions

CPE2.3

cpe:2.3:a:fortinet:fortitester:7.2.3:*:*:*:*:*:*:*

External links

http://fortiguard.com/psirt/FG-IR-22-245

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?