CVE-2023-47539: Critical Vulnerability in FortiMail

Fortinet issued a security advisory on December 12th, disclosing multiple vulnerabilities affecting its products, including one classified as Critical.

The advisory revealed twelve vulnerabilities across various products, particularly in their FortiOS operating system. Among these, the CVE-2023-41678 (CVSS 8.3) vulnerability, a double-free flaw exploitable by authenticated users, and the CVE-2023-36639 (CVSS 7.0) vulnerability, which allows the execution of malicious code or commands via API requests, were highlighted.

CVE-2023-47539

The advisory specifically underscored the CVE-2023-47539 (CVSS 9.0) vulnerability in FortiMail, which, under certain conditions, allows bypassing the login process to gain administrator-level access. This vulnerability was rated as Critical, the highest severity level among the five categories.

“An improper access control vulnerability [CWE-284] in FortiMail configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request,” reads the description of the CVE-2023-47539 flaw.

Additionally, five vulnerabilities were categorized as High in severity. These include CVE-2023-41678, affecting both FortiOS and FortiPAM, as well as CVE-2023-36639, which impacts both of these products and FortiProxy. Another notable vulnerability is CVE-2023-48791 (CVSS 7.9) in FortiWLM and FortiPortal.

Furthermore, the advisory mentioned the CVE-2022-27488 (CVSS 7.5) vulnerability, a Cross-Site Request Forgery (CSRF) flaw, impacting a wide range of products including FortiMail, FortiNDR, FortiRecorder, FortiSwitch, and FortiVoiceEnterprise.