CVE-2023-29184 is a vulnerability identified in Fortinet's FortiProxy and FortiOS products, specifically affecting FortiOS 7.2 and earlier versions, as well as FortiProxy versions 7.2.0 through 7.2.2 and versions before 7.0.8. The vulnerability arises from improper access control related to incomplete cleanup of SSH key files on the system. A Virtual Domain (VDOM) privileged attacker can exploit this flaw by sending crafted CLI requests that silently add SSH key files to the system. This improper cleanup issue is categorized under CWE-459, which refers to residual data or incomplete removal of sensitive information. The vulnerability requires the attacker to have high privileges within a VDOM context, meaning the attacker must already have significant access rights to the system. The CVSS v3.1 base score is 3.1, indicating a low severity level, with the vector showing local attack vector (AV:L), low attack complexity (AC:L), high privileges required (PR:H), no user interaction (UI:N), and a scope change (S:C). The impact primarily affects integrity, as the attacker can add SSH keys, potentially enabling unauthorized persistent access or lateral movement within the network. Confidentiality and availability impacts are not indicated. No known exploits are reported in the wild, and no patches or mitigation links are provided in the source data. The vulnerability's exploitation could allow an attacker to maintain stealthy access by adding SSH keys without detection, which could be leveraged for further attacks or data exfiltration if combined with other vulnerabilities or misconfigurations.

For European organizations, the impact of CVE-2023-29184 depends on the deployment and use of Fortinet FortiProxy and FortiOS products. Fortinet is widely used in enterprise networks across Europe for secure web gateway, proxy, and firewall functions. An attacker with VDOM privileged access could silently add SSH keys, potentially enabling persistent unauthorized access to critical network infrastructure. This could lead to integrity compromises, such as unauthorized configuration changes or lateral movement within the network. While the vulnerability itself is rated low severity and requires high privileges, it could be a stepping stone in a multi-stage attack, especially in environments where internal threat actors or compromised administrators exist. The lack of impact on confidentiality and availability reduces the immediate risk of data breaches or service disruption solely from this vulnerability. However, the stealthy nature of the attack vector could delay detection and remediation, increasing the risk of prolonged compromise. European organizations with strict regulatory requirements (e.g., GDPR) must consider the potential compliance implications of unauthorized access and integrity violations within their network security infrastructure.

1. Restrict VDOM privileged access strictly to trusted administrators and implement strong authentication and authorization controls to minimize the risk of insider threats or credential compromise. 2. Monitor CLI activity and system logs for unusual SSH key additions or configuration changes, employing automated detection tools where possible to identify suspicious behavior early. 3. Apply the latest Fortinet patches and firmware updates as soon as they become available, even though no patch links are provided in the current data, regularly check Fortinet advisories for updates addressing this vulnerability. 4. Conduct periodic audits of SSH keys present on FortiProxy and FortiOS systems to detect unauthorized keys and remove them promptly. 5. Implement network segmentation and least privilege principles to limit the scope of access that any single VDOM privileged user has, reducing potential attack surface. 6. Use multi-factor authentication (MFA) for administrative access to Fortinet devices to add an additional security layer. 7. Engage in proactive threat hunting and incident response planning to quickly identify and respond to potential exploitation attempts.