Publication Date: |
|
Last Update: |
|
Current Version: | V1.1 |
CVSS v3.1 Base Score: | 9.8 |
CVSS v4.0 Base Score: | 8.7 |
Affected Product and Versions | Remediation |
---|---|
All versions with Fortinet NGFW affected by CVE-2023-38545, CVE-2023-38546, CVE-2023-44250, CVE-2023-44487, CVE-2023-46717, CVE-2023-47537, CVE-2024-21762, CVE-2024-23112, CVE-2024-23113 |
Update Fortigate NGFW to V7.4.3. Contact customer support to receive patch and update information.
|
All versions with Fortinet NGFW with captive portal enabled affected by CVE-2023-42789, CVE-2023-42790 |
Update Fortigate NGFW to V7.4.3. Contact customer support to receive patch and update information.
|
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
Product-specific remediations or mitigations can be found in the section
Affected Products and Solution.
Please follow the General Security Recommendations.
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.
CVSS v3.1 Base Score | 6.7 |
CVSS v3.1 Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-122: Heap-based Buffer Overflow |
This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met.
libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers.
libcurl provides a function call that duplicates en easy handle called curl_easy_duphandle.
If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle did not read any cookies from a specific file on
disk, the cloned version of the handle would instead store the file name as
none
(using the four ASCII letters, no quotes).
Subsequent use of the cloned handle that does not explicitly set a source to
load cookies from would then inadvertently load cookies from a file named
none
- if such a file exists and is readable in the current directory of the
program using libcurl. And if using the correct file format of course.
CVSS v3.1 Base Score | 3.7 |
CVSS v3.1 Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
CWE | CWE-73: External Control of File Name or Path |
CVSS v3.1 Base Score | 9.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 8.1 |
CVSS v3.1 Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-121: Stack-based Buffer Overflow |
CVSS v3.1 Base Score | 8.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-269: Improper Privilege Management |
CVSS v3.1 Base Score | 7.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
CVSS v4.0 Base Score | 8.7 |
CVSS v4.0 Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
CWE | CWE-400: Uncontrolled Resource Consumption |
CVSS v3.1 Base Score | 7.5 |
CVSS v3.1 Vector | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-287: Improper Authentication |
CVSS v3.1 Base Score | 4.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
CWE | CWE-295: Improper Certificate Validation |
CVSS v3.1 Base Score | 9.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-787: Out-of-bounds Write |
CVSS v3.1 Base Score | 8.0 |
CVSS v3.1 Vector | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-639: Authorization Bypass Through User-Controlled Key |
CVSS v3.1 Base Score | 9.8 |
CVSS v3.1 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
CWE | CWE-134: Use of Externally-Controlled Format String |
Siemens recommends to consult and implement the workarounds provided in Fortinet's upstream security notifications.
V1.0 (2024-03-12): | Publication Date |
V1.1 (2024-04-09): | Added CVE-2023-42789, CVE-2023-42790, CVE-2023-46717, CVE-2024-23112 and updated remediations |