The Digital Security Authority (DSA) wants to bring to your attention a vulnerability in Fortinet FortiOS and FortiProxy that could be exploited to gain unauthorized access to affected systems.
Vulnerability Details:
• CVE-2023-44250
• CVSSv3 Score: 8.3 HIGH
• An improper privilege management vulnerability exists in FortiOS and FortiProxy HA clusters. This vulnerability could allow an authenticated attacker to gain elevated privileges on a vulnerable system.
• Successful exploitation of this vulnerability could allow an attacker to gain root privileges on the affected system, execute arbitrary code, modify or delete system files, install malware, and disrupt or disable system operations.
Affected Versions:
FortiOS 7.4.0 through 7.4.1
FortiOS 7.2.5
FortiProxy 7.4.0 through 7.4.1
Fixed Versions:
FortiOS 7.4.2 or above
FortiOS 7.2.6 or above
FortiProxy 7.4.2 or above
Recommendations:
The Digital Security Authority (DSA) recommends immediately updating affected versions to the fixed or latest versions released by Fortinet.
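To help apply this recommendation across a device inventory, the following added example (not part of the DSA advisory or any Fortinet tooling) classifies product and version pairs against the affected and fixed versions listed above. The CSV layout, hostnames and status labels are assumptions, and "or above" is read per release branch, so versions on branches the advisory does not mention are reported as not listed rather than as safe.

```python
import csv
import io

# (lowest affected, highest affected, first fixed), copied from this advisory.
AFFECTED = {
    "fortios": [((7, 4, 0), (7, 4, 1), (7, 4, 2)),
                ((7, 2, 5), (7, 2, 5), (7, 2, 6))],
    "fortiproxy": [((7, 4, 0), (7, 4, 1), (7, 4, 2))],
}

def parse_version(text):
    """Turn '7.4.1' or 'v7.4.1' into (7, 4, 1); raise ValueError otherwise."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(product, version):
    """Return (status, first_fixed_version_or_None) for one device."""
    ranges = AFFECTED.get(product.strip().lower())
    if ranges is None:
        return ("unknown_product", None)
    try:
        v = parse_version(version)
    except ValueError:
        return ("unparsed", None)
    for low, high, fixed in ranges:
        if low <= v <= high:
            return ("affected", ".".join(map(str, fixed)))
        # Assumption: "or above" applies within the same major.minor branch.
        if v[:2] == fixed[:2] and v >= fixed:
            return ("fixed", None)
    # Version the advisory does not mention: do not report it as safe.
    return ("not_listed", None)

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """host,product,version
fw-edge-01,FortiOS,7.4.1
fw-core-01,FortiOS,7.2.6
fw-lab-01,FortiOS,7.0.12
px-01,FortiProxy,v7.4.0
"""

def triage(inventory_csv):
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], *classify(r["product"], r["version"])) for r in rows]

if __name__ == "__main__":
    for host, status, fixed in triage(SAMPLE):
        print(host, status, f"upgrade to {fixed} or above" if fixed else "")
```

Devices reported as `not_listed` or `unparsed` need a manual check against Fortinet's own advisory, since this page gives no status for them.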
The information presented in this report is based on available data up to the 11th of January 2024.