CVE-2023-22641: Open redirect in sslvpnd
First published: Tue Apr 11 2023(Updated: )
A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specially crafted requests.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiProxy | >=1.0.0<=2.0.12 | |
| Fortinet FortiProxy | >=7.0.0<7.0.9 | |
| Fortinet FortiProxy | >=7.2.0<7.2.3 | |
| Fortinet FortiOS | >=6.0.0<6.4.13 | |
| Fortinet FortiOS | >=7.0.0<7.0.11 | |
| Fortinet FortiOS | >=7.2.0<7.2.4 |
Remedy
Please upgrade to FortiProxy version 7.2.3 or above Please upgrade to FortiProxy version 7.0.9 or above Please upgrade to FortiOS version 7.2.4 or above Please upgrade to FortiOS version 7.0.10 or above Please upgrade to FortiOS version 6.4.13 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-22641.
What is the severity level of CVE-2023-22641?
The severity level of CVE-2023-22641 is medium with a score of 5.4.
Which versions of Fortinet FortiOS and FortiProxy are affected by CVE-2023-22641?
Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, and FortiProxy version 7.0.0 through 7.0.9 are affected by CVE-2023-22641.
What is the description of CVE-2023-22641?
CVE-2023-22641 is a URL redirection vulnerability, also known as an open redirect, in Fortinet FortiOS and FortiProxy. It allows an attacker to redirect users to an untrusted site.
How can I fix CVE-2023-22641?
The vendor recommends upgrading to the latest version of Fortinet FortiOS or FortiProxy to mitigate the vulnerability.
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/weakness
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/fortiguard-psirt-latest
- source/FortiGuard
- alias/CVE-2023-22641
- collector/fortiguard-psirt
- agent/references
- agent/title
- agent/severity
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/fortinet
- canonical/fortinet fortiproxy
- version/fortinet fortiproxy/1.0.0
- version/fortinet fortiproxy/2.0.12
- version/fortinet fortiproxy/7.0.0
- version/fortinet fortiproxy/7.2.0
- canonical/fortinet fortios
- version/fortinet fortios/6.0.0
- version/fortinet fortios/7.0.0
- version/fortinet fortios/7.2.0