What is the severity of CVE-2023-41677?

CVE-2023-41677 has been classified as a critical vulnerability due to insufficiently protected credentials.

How do I fix CVE-2023-41677?

To fix CVE-2023-41677, upgrade FortiOS to version 7.4.2 or later, 7.2.7 or later, or 7.0.13 or later.

Which versions are affected by CVE-2023-41677?

CVE-2023-41677 affects FortiOS versions from 7.4.0 to 7.4.1, 7.2.0 to 7.2.6, and 7.0.0 to 7.0.12, among others.

Is FortiProxy impacted by CVE-2023-41677?

Yes, CVE-2023-41677 also affects multiple versions of FortiProxy, specifically versions from 7.4.0 to 7.4.1, 7.2.0 to 7.2.7, and others.

What are the potential risks of CVE-2023-41677?

The potential risks of CVE-2023-41677 include unauthorized access and compromise of sensitive information due to insufficient protection of credentials.

Vulnerability/
CVE-2023-41677

high

8.8

CWE

522 77

9/4/2024

12/12/2024

CVE-2023-41677: Administrator cookie leakage

First published: Tue Apr 09 2024(Updated: )

A insufficiently protected credentials in Fortinet FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17 allows attacker to execute unauthorized code or commands via targeted social engineering attack

Credit: psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiProxy	>=1.0.0<7.0.14
Fortinet FortiProxy	>=7.2.0<7.2.8
Fortinet FortiProxy	>=7.4.0<7.4.2
Fortinet FortiOS IPS Engine	>=6.0.0<6.2.16
Fortinet FortiOS IPS Engine	>=6.4.0<6.4.15
Fortinet FortiOS IPS Engine	>=7.0.0<7.0.13
Fortinet FortiOS IPS Engine	>=7.2.0<7.2.7
Fortinet FortiOS IPS Engine	>=7.4.0<7.4.2
Fortinet FortiOS IPS Engine	>=7.4.0<=7.4.1
Fortinet FortiOS IPS Engine	>=7.2.0<=7.2.6
Fortinet FortiOS IPS Engine	>=7.0.0<=7.0.12
Fortinet FortiOS IPS Engine	>=6.4.0<=6.4.14
Fortinet FortiOS IPS Engine	>=6.2.0<=6.2.15
Fortinet FortiOS IPS Engine	>=6.0
Fortinet FortiProxy	>=7.4.0<=7.4.1
Fortinet FortiProxy	>=7.2.0<=7.2.7
Fortinet FortiProxy	>=7.0.0<=7.0.13
Fortinet FortiProxy	>=2.0
Fortinet FortiProxy	>=1.2
Fortinet FortiProxy	>=1.1
Fortinet FortiProxy	>=1.0

Remedy

Please upgrade to FortiSASE version 23.4.a or above Please upgrade to FortiOS version 7.4.2 or above Please upgrade to FortiOS version 7.2.7 or above Please upgrade to FortiOS version 7.0.13 or above Please upgrade to FortiOS version 6.4.15 or above Please upgrade to FortiOS version 6.2.16 or above Please upgrade to FortiProxy version 7.4.2 or above Please upgrade to FortiProxy version 7.2.8 or above Please upgrade to FortiProxy version 7.0.14 or above

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2023-41677?
CVE-2023-41677 has been classified as a critical vulnerability due to insufficiently protected credentials.
How do I fix CVE-2023-41677?
To fix CVE-2023-41677, upgrade FortiOS to version 7.4.2 or later, 7.2.7 or later, or 7.0.13 or later.
Which versions are affected by CVE-2023-41677?
CVE-2023-41677 affects FortiOS versions from 7.4.0 to 7.4.1, 7.2.0 to 7.2.6, and 7.0.0 to 7.0.12, among others.
Is FortiProxy impacted by CVE-2023-41677?
Yes, CVE-2023-41677 also affects multiple versions of FortiProxy, specifically versions from 7.4.0 to 7.4.1, 7.2.0 to 7.2.7, and others.
What are the potential risks of CVE-2023-41677?
The potential risks of CVE-2023-41677 include unauthorized access and compromise of sensitive information due to insufficient protection of credentials.

agent/remedy
agent/type
collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2023-41677
agent/first-publish-date
agent/description
collector/the-register
source/The Register
alias/CVE-2024-26234
alias/CVE-2024-29988
alias/CVE-2024-21322
alias/CVE-2024-21323
alias/CVE-2024-29053
alias/CVE-2023-48784
alias/CVE-2024-23662
alias/CVE-2024-22246
alias/CVE-2024-20348
agent/news-ai
agent/weakness
agent/author
agent/event
agent/references
agent/title
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/softwarecombine
agent/trending
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/fortiguard-psirt
vendor/fortinet
canonical/fortinet fortiproxy
version/fortinet fortiproxy/1.0.0
version/fortinet fortiproxy/7.2.0
version/fortinet fortiproxy/7.4.0
canonical/fortinet fortios ips engine
version/fortinet fortios ips engine/6.0.0
version/fortinet fortios ips engine/6.4.0
version/fortinet fortios ips engine/7.0.0
version/fortinet fortios ips engine/7.2.0
version/fortinet fortios ips engine/7.4.0
version/fortinet fortios ips engine/7.4.1
version/fortinet fortios ips engine/7.2.6
version/fortinet fortios ips engine/7.0.12
version/fortinet fortios ips engine/6.4.14
version/fortinet fortios ips engine/6.2.0
version/fortinet fortios ips engine/6.2.15
version/fortinet fortios ips engine/6.0
version/fortinet fortiproxy/7.4.1
version/fortinet fortiproxy/7.2.7
version/fortinet fortiproxy/7.0.0
version/fortinet fortiproxy/7.0.13
version/fortinet fortiproxy/2.0
version/fortinet fortiproxy/1.2
version/fortinet fortiproxy/1.1
version/fortinet fortiproxy/1.0