CVE-2023-45590: 
FortiClient vulnerability analysis and mitigation

An Improper Control of Generation of Code ('Code Injection') vulnerability in FortiClientLinux was discovered and assigned CVE-2023-45590. The vulnerability affects FortiClientLinux versions 7.2.0, 7.0.6 through 7.0.10, and 7.0.3 through 7.0.4. This critical security flaw was initially published on April 9, 2024, and was discovered by security researcher CataLpa from Dbappsecurity Co. Ltd (Fortiguard PSIRT).

The vulnerability is classified as a critical severity issue with a CVSS score of 9.4 out of 10. It stems from a dangerous ELECTRONJS configuration that allows for improper control of code generation. The vulnerability is categorized under CWE-94 (Improper Control of Generation of Code) and enables code injection attacks (CERT-EU, Fortiguard PSIRT).

The vulnerability allows an unauthenticated attacker to execute arbitrary code on affected systems. This remote code execution capability poses a significant risk to system security and integrity, as it enables attackers to run unauthorized code or commands on the target system (Hacker News, Fortiguard PSIRT).

Fortinet has released security patches to address this vulnerability. Users of FortiClientLinux 7.2.0 should upgrade to version 7.2.1 or above, while users of versions 7.0.3 through 7.0.4 and 7.0.6 through 7.0.10 should upgrade to version 7.0.11 or above. Version 7.4 is not affected by this vulnerability (Fortiguard PSIRT).