Fortinet Releases Critical Security Patches for Vulnerability in FortiClient Linux

Fortinet has released patches to address a critical security flaw affecting FortiClient Linux that could be exploited to achieve arbitrary code execution.

Identified as CVE-2023-45590, the vulnerability has a CVSS score of 9.4 out of a maximum of 10.

“An Improper Control of Code Generation (‘Code Injection’) [CWE-94] vulnerability in FortiClient Linux could allow an unauthenticated attacker to execute arbitrary code by tricking a FortiClient Linux user into visiting a website. malicious,” Fortinet said in a statement.


The flaw, which has been described as a case of remote code execution due to a “dangerous Nodejs configuration,” affects the following versions:

– FortiClient Linux versions 7.0.3 to 7.0.4 and 7.0.6 to 7.0.10 (Upgrade to 7.0.11 or higher)

– FortiClient Linux version 7.2.0 (Upgrade to 7.2.1 or higher)

Security researcher CataLpa from Dbappsecurity has been recognized for discovering and reporting the vulnerability.


Fortinet’s April 2024 security patches also address an issue with the FortiClientMac installer that could also lead to code execution (CVE-2023-45588 and CVE-2024-31492, CVSS scores: 7.8).

Additionally, a FortiOS and FortiProxy bug that could leak administrator cookies in certain scenarios has been fixed (CVE-2023-41677, CVSS score: 7.5).

Although there is no evidence that any of the flaws are currently being exploited, it is recommended that users keep their systems updated to mitigate potential threats.

Related Posts
Devel Group
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.