CVE-2023-42789: 
FortiOS vulnerability analysis and mitigation

An out-of-bounds write vulnerability (CVE-2023-42789) was discovered in FortiOS and FortiProxy's captive portal functionality. The vulnerability affects multiple versions of FortiOS (7.4.0-7.4.1, 7.2.0-7.2.5, 7.0.0-7.0.12, 6.4.0-6.4.14, 6.2.0-6.2.15) and FortiProxy (7.4.0, 7.2.0-7.2.6, 7.0.0-7.0.12, 2.0.0-2.0.13). This critical vulnerability was internally discovered by Gwendal Guégniaud of Fortinet Product Security Team and was publicly disclosed on March 12, 2024 (Fortiguard PSIRT).

The vulnerability is classified as an out-of-bounds write [CWE-787] with a critical CVSS v3 score of 9.3. It specifically affects the captive portal component of FortiOS and FortiProxy systems. The vulnerability can be exploited through specially crafted HTTP requests when an attacker has access to the captive portal. Only devices with captive portal enabled are affected by this vulnerability (Fortiguard PSIRT, CERT-EU).

If successfully exploited, this vulnerability allows an inside attacker with access to the captive portal to execute arbitrary code or commands on the affected system. The high CVSS score of 9.3 indicates the potential for severe impact on system security (Fortiguard PSIRT).

Fortinet has released patches for all affected versions and recommends upgrading to the following versions: FortiOS 7.4.2 or above, 7.2.6 or above, 7.0.13 or above, 6.4.15 or above, 6.2.16 or above; FortiProxy 7.4.1 or above, 7.2.7 or above, 7.0.13 or above, 2.0.14 or above. A workaround is available by setting a non-form-based authentication scheme in the configuration. Additionally, a virtual patch named 'FortiOS.Captive.Portal.Out.Of.Bounds.Write.' is available in FMWP db update 23.105 (Fortiguard PSIRT).