You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# Fortinet Releases Security Updates for FortiClient and FortiGate - 20231115005
2
+
3
+
## Overview
4
+
5
+
Fortinet has released security advisories addressing vulnerabilities in FortiClient and FortiGate. Cyber threat actors may exploit some of these vulnerabilities to take control of an affected system.
6
+
7
+
## What is the vulnerability?
8
+
9
+
-[**CVE-2022-40681**](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40681) - CVSS v3 Base Score: ***7.1***
10
+
-[**CVE-2023-41840**](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41840) - CVSS v3 Base Score: ***7.4***
11
+
-[**CVE-2023-38545**](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545) - CVSS v3 Base Score: ***8.1***
12
+
13
+
## What has been observed?
14
+
15
+
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
16
+
17
+
## Recommendation
18
+
19
+
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
20
+
21
+
-[**FortiClient (Windows) - Arbitrary file deletion from unprivileged users (CVE-2022-40681)**](https://www.fortiguard.com/psirt/FG-IR-22-299)
22
+
-[**FortiClient (Windows) - DLL Hijacking via openssl.cnf (CVE-2023-41840)**](https://www.fortiguard.com/psirt/FG-IR-23-274)
23
+
-[**curl and libcurl vulnerabilities (CVE-2023-38545)**](https://www.fortiguard.com/psirt/FG-IR-23-385)
0 commit comments