CVE-2023-37935: 
FortiOS vulnerability analysis and mitigation

CVE-2023-37935 is a vulnerability discovered in Fortinet FortiOS SSL VPN component that was disclosed on October 10, 2023. This vulnerability affects FortiOS versions 7.0.0 through 7.0.12, 7.2.0 through 7.2.5, and 7.4.0. The issue is classified as a use of GET request method with sensitive query strings vulnerability (CWE-598) that could expose sensitive information (Fortinet Advisory, NVD).

The vulnerability stems from the improper handling of GET requests in the SSL VPN web portal component. When accessing remote services like RDP or VNC through the SSL VPN, sensitive credentials are included in GET request query strings. These credentials can be exposed if an attacker gains access to logs, referrer headers, or browser caches where these GET requests are stored. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) by Fortinet, while NVD rates it at 7.5 (High) (NVD, Fortinet Advisory).

The primary impact of this vulnerability is information disclosure. If successfully exploited, an attacker could view plaintext passwords of remote services such as RDP or VNC by accessing GET requests through various means including logs, referrer headers, or cached data. This exposure of credentials could potentially lead to unauthorized access to these remote services (Fortinet Advisory).

Fortinet has released patches to address this vulnerability. Organizations are advised to upgrade to FortiOS version 7.4.1 or above, FortiOS version 7.2.6 or above, or FortiOS version 7.0.13 or above. It's worth noting that FortiOS 7.6 and FortiOS 6.4 are not affected by this vulnerability (Fortinet Advisory).