Login Sign Up

CVE-2023-45590

9.6 CRITICAL
Remote Code Execution

📋 TL;DR

This vulnerability allows remote code execution on FortiClientLinux installations through code injection. Attackers can execute arbitrary code by tricking users into visiting malicious websites. Affects FortiClientLinux versions 7.2.0, 7.0.6-7.0.10, and 7.0.3-7.0.4.

💻 Affected Systems

Products:
  • Fortinet FortiClientLinux
Versions: 7.2.0, 7.0.6 through 7.0.10, 7.0.3 through 7.0.4
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction (visiting malicious website) but no authentication. All default configurations are vulnerable.

📦 What is this software?

Forticlient by Fortinet

View all CVEs affecting Forticlient →

Forticlient by Fortinet

View all CVEs affecting Forticlient →

Forticlient by Fortinet

View all CVEs affecting Forticlient →

Forticlient by Fortinet

View all CVEs affecting Forticlient →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the affected Linux system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Attacker executes malicious code with user privileges, potentially installing malware, stealing credentials, or establishing persistence on the system.

🟢

If Mitigated

With proper web filtering and user awareness, exploitation attempts are blocked before reaching vulnerable clients.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but no authentication. Attack complexity is low once user visits malicious site.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.2.1, 7.0.11, 7.0.5

Vendor Advisory: https://fortiguard.com/psirt/FG-IR-23-087

Restart Required: Yes

Instructions:

1. Download latest FortiClientLinux version from Fortinet support portal. 2. Install update using package manager. 3. Restart system to ensure changes take effect.

🔧 Temporary Workarounds

Web Filtering

all

Implement web filtering to block access to malicious websites

User Awareness

all

Train users to avoid suspicious links and websites

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems
  • Deploy endpoint detection and response (EDR) to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check FortiClientLinux version with 'forticlient --version' or package manager query

Check Version:

forticlient --version

Verify Fix Applied:

Verify version is 7.2.1, 7.0.11, or 7.0.5 or higher

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process execution from FortiClient
  • Network connections to suspicious domains

Network Indicators:

  • Outbound connections from FortiClient to unknown IPs
  • DNS queries to malicious domains

SIEM Query:

process_name="forticlient" AND (parent_process="browser" OR cmdline CONTAINS "suspicious")

📊 Metadata

CVE ID: CVE-2023-45590
CVSS v3 Score: 9.6 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE: CWE-94
Published: April 9, 2024
Last Updated: January 17, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-45590, you might also want to check these:

CVE-2025-62521 10.0

CVE-2025-62521 is a critical pre-authentication remote code execution vulnerability in ChurchCRM tha...

Same vulnerability type (CWE-94)
CVE-2026-26216 10.0

Crawl4AI versions before 0.8.0 contain an unauthenticated remote code execution vulnerability in the...

Same vulnerability type (CWE-94)
CVE-2021-22205 10.0

CVE-2021-22205 is a critical remote code execution vulnerability in GitLab CE/EE where improper vali...

Same vulnerability type (CWE-94)