CVE-2024-21762 - FortiOS Out of bounds write vulnerability / CVE-2024-23113 FortiOS format string vulnerability
by Critical Insight on February 12, 2024
This advisory is for organizations that use Fortinet products. If you do not use Fortinet products, this advisory may be discarded.
Summary
Fortinet has released patches to address two vulnerabilities. Both CVE-2024-21762 and CVE-2024-23113 are rated critical and are considered easy for remote attackers to exploit. It should be assumed that threat actors are actively hunting for opportunities to leverage these vulnerabilities to access and compromise organizational networks. CISA has added CVE-2024-21762 to its Known Exploited Vulnerabilities catalog, and Fortinet warns that CVE-2024-21762 has been observed being exploited in the wild.
CVE-2024-21762 – Out of Bounds write in sslvpnd
CVSSv3.1: 9.8
Insufficient parameter validation in the FortiOS and FortiProxy SSL-VPN component may allow an unauthenticated, remote attacker to trigger an out-of-bounds write with a specially crafted HTTP request, permitting them to execute arbitrary code.
CVE-2024-23113 – Format string bug in fgfmd
CVSSv3: 9.8
A format string vulnerability exists in the FortiOS fgfmd daemon, which handles FortiGate-to-FortiManager communication and is enabled by default. It may allow an unauthenticated remote attacker to execute arbitrary code by sending specially crafted requests.
Affected Platforms and Mitigations
CVE-2024-21762
Prioritize patching. No additional mitigations are noted.
Version | Affected | Solution
--- | --- | ---
FortiOS 7.6 | Not affected | Not Applicable
FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above
FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above
FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above
FortiOS 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above
FortiOS 6.2 | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above
FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release
FortiProxy 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above
FortiProxy 7.2 | 7.2.0 through 7.2.8 | Upgrade to 7.2.9 or above
FortiProxy 7.0 | 7.0.0 through 7.0.14 | Upgrade to 7.0.15 or above
FortiProxy 2.0 | 2.0.0 through 2.0.13 | Upgrade to 2.0.14 or above
FortiProxy 1.2 | 1.2 all versions | Migrate to a fixed release
FortiProxy 1.1 | 1.1 all versions | Migrate to a fixed release
FortiProxy 1.0 | 1.0 all versions | Migrate to a fixed release
CVE-2024-23113
Fortinet notes that the additional mitigations below may be implemented:
- A “local in” policy that only allows connections from a specific IP will “reduce the attack surface but it won’t prevent the vulnerability from being exploited”
- fgfm access may be removed from each interface
- Patches should be prioritized to address the vulnerability
Version | Affected | Solution
--- | --- | ---
FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above
FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above
FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above
FortiPAM 1.2 | 1.2.0 | Upgrade to 1.2.1 or above
FortiPAM 1.1 | 1.1.0 through 1.1.2 | Upgrade to 1.1.3 or above
FortiPAM 1.0 | 1.0 all versions | Migrate to a fixed release
FortiProxy 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above
FortiProxy 7.2 | 7.2.0 through 7.2.8 | Upgrade to 7.2.9 or above
FortiProxy 7.0 | 7.0.0 through 7.0.14 | Upgrade to 7.0.16 or above
FortiSwitchManager 7.2 | 7.2.0 through 7.2.3 | Upgrade to 7.2.4 or above
FortiSwitchManager 7.0 | 7.0.0 through 7.0.3 | Upgrade to 7.0.4 or above
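As an added example (not part of the Critical Insight advisory or of Fortinet's own tooling), the following Python encodes the FortiOS rows of both tables above so a defender can check a reported version against each CVE, and scans a `show system interface` dump for interfaces whose allowaccess list still includes fgfm, the exposure the mitigation list above says to remove. The configuration sample is constructed, not taken from a real device.

```python
import re

# Affected FortiOS ranges from the advisory tables, keyed by branch: (first, last
# affected), or None when the whole branch is affected (migrate to a fixed release).
AFFECTED_21762 = {
    (7, 4): ((7, 4, 0), (7, 4, 2)),
    (7, 2): ((7, 2, 0), (7, 2, 6)),
    (7, 0): ((7, 0, 0), (7, 0, 13)),
    (6, 4): ((6, 4, 0), (6, 4, 14)),
    (6, 2): ((6, 2, 0), (6, 2, 15)),
    (6, 0): None,
}
# CVE-2024-23113 lists only the 7.x FortiOS branches.
AFFECTED_23113 = {k: AFFECTED_21762[k] for k in ((7, 4), (7, 2), (7, 0))}

def parse_version(text):
    """Turn 'v7.2.5' or 'v7.2.5,build1517' into a (major, minor, patch) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(x) for x in m.groups())

def is_affected(version, table):
    """True when the version falls inside an affected range of the given table."""
    if version[:2] not in table:
        return False              # branch not listed (7.6 is marked not affected)
    rng = table[version[:2]]
    return rng is None or rng[0] <= version <= rng[1]

def fgfm_exposed_interfaces(show_output):
    """Interface names whose 'set allowaccess' line still includes fgfm."""
    exposed, current = [], None
    for line in show_output.splitlines():
        words = line.split()
        if words[:1] == ["edit"]:
            current = words[1].strip('"')
        elif words[:2] == ["set", "allowaccess"] and "fgfm" in words[2:]:
            exposed.append(current)
    return exposed

# Constructed sample of `show system interface` output (not from a real device).
SAMPLE_CONFIG = """config system interface
    edit "port1"
        set allowaccess ping https ssh fgfm
    next
    edit "port2"
        set allowaccess ping https ssh
    next
end"""
```

Running `fgfm_exposed_interfaces(SAMPLE_CONFIG)` reports `port1`, and `is_affected(parse_version("v7.2.5,build1517"), AFFECTED_23113)` is true, so that device needs the 7.2.7 upgrade as well as the interface change.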
Additional Resources
https://thehackernews.com/2024/02/fortinet-warns-of-critical-fortios-ssl.html
https://www.fortiguard.com/psirt/FG-IR-24-015
https://www.fortiguard.com/psirt/FG-IR-24-029
https://www.theregister.com/2024/02/09/a_look_at_fortinet_week/