Vulnerabilities

CVE-2024-21762 - FortiOS out of bounds write vulnerability / CVE-2024-23113 - FortiOS format string vulnerability

This advisory is for organizations that use Fortinet products.  If you do not use Fortinet products, this advisory may be discarded.

Summary

Fortinet has released patches to address two vulnerabilities. Both CVE-2024-21762 and CVE-2024-23113 are rated critical and are considered easy for remote attackers to exploit. It should be assumed that threat actors are actively hunting for opportunities to leverage these vulnerabilities to access and compromise organizational networks. CISA has added CVE-2024-21762 to its Known Exploited Vulnerabilities catalog, and Fortinet warns that CVE-2024-21762 has been observed being exploited in the wild.

CVE-2024-21762 – Out of bounds write in sslvpnd

CVSSv3.1: 9.8

Insufficient parameter validation in the FortiOS and FortiProxy SSL-VPN component may allow an unauthenticated, remote attacker to send a crafted HTTP request that triggers an out of bounds write, permitting arbitrary code execution.

CVE-2024-23113 – Format string bug in fgfmd

CVSSv3: 9.8

A format string vulnerability is present in the FortiOS fgfmd daemon, which handles FortiGate-to-FortiManager communication and is enabled by default. This may allow an unauthenticated remote attacker to send tailored requests and execute arbitrary code.

Affected Platforms and Mitigations

CVE-2024-21762

Prioritize patching.  No additional mitigations are noted.

Version               Affected                 Solution
--------------------  -----------------------  ---------------------------
FortiOS 7.6           Not affected             Not applicable
FortiOS 7.4           7.4.0 through 7.4.2      Upgrade to 7.4.3 or above
FortiOS 7.2           7.2.0 through 7.2.6      Upgrade to 7.2.7 or above
FortiOS 7.0           7.0.0 through 7.0.13     Upgrade to 7.0.14 or above
FortiOS 6.4           6.4.0 through 6.4.14     Upgrade to 6.4.15 or above
FortiOS 6.2           6.2.0 through 6.2.15     Upgrade to 6.2.16 or above
FortiOS 6.0           6.0 all versions         Migrate to a fixed release
FortiProxy 7.4        7.4.0 through 7.4.2      Upgrade to 7.4.3 or above
FortiProxy 7.2        7.2.0 through 7.2.8      Upgrade to 7.2.9 or above
FortiProxy 7.0        7.0.0 through 7.0.14     Upgrade to 7.0.15 or above
FortiProxy 2.0        2.0.0 through 2.0.13     Upgrade to 2.0.14 or above
FortiProxy 1.2        1.2 all versions         Migrate to a fixed release
FortiProxy 1.1        1.1 all versions         Migrate to a fixed release
FortiProxy 1.0        1.0 all versions         Migrate to a fixed release

CVE-2024-23113

Fortinet notes that the additional mitigations below may be implemented:

  • A "local in" policy that only allows connections from a specific IP will "reduce the attack surface but it won't prevent the vulnerability from being exploited"
  • fgfm access may be removed from each interface
  • Patches should be prioritized to address the vulnerability
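The second mitigation above is only effective if fgfm is actually gone from every interface that does not need it, which is easy to miss on a device with many interfaces and nested sub-blocks. The following Python script is an added example (not Fortinet's tooling and not part of this advisory): it parses a `config system interface` dump, reports interfaces that still list `fgfm` in `set allowaccess`, and prints the replacement line with `fgfm` removed. The configuration text is a constructed sample, and the `permitted` set (interfaces where FortiManager access is intentionally kept) is an assumption you supply for your own environment.

```python
import re
from typing import Dict, List, Set

# Constructed sample of a FortiOS 'config system interface' dump (not from a real device).
# port1 also carries a nested 'config secondaryip' block whose own allowaccess line
# must not be mistaken for the interface's.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.0.2.1 255.255.255.0
        set allowaccess ping https ssh fgfm
        set type physical
        config secondaryip
            edit 1
                set ip 192.0.2.2 255.255.255.0
                set allowaccess ping
            next
        end
    next
    edit "port2"
        set vdom "root"
        set ip 198.51.100.1 255.255.255.0
        set allowaccess ping https
        set type physical
    next
    edit "mgmt"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh fgfm
        set type physical
    next
end
"""

EDIT_RE = re.compile(r'^edit\s+"?([^"\s]+)"?$')


def parse_allowaccess(config: str) -> Dict[str, List[str]]:
    """Map each interface name to its allowaccess services. An interface without a
    'set allowaccess' line gets an empty list (nothing enabled)."""
    access: Dict[str, List[str]] = {}
    depth = 0        # nesting level of config ... end blocks
    current = None   # interface being edited at depth 1
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1:  # only top-level 'edit' entries are interfaces
            m = EDIT_RE.match(line)
            if m:
                current = m.group(1)
                access[current] = []
            elif line == "next":
                current = None
            elif current and line.startswith("set allowaccess "):
                access[current] = line.split()[2:]
    return access


def fgfm_exposed(config: str, permitted: Set[str]) -> List[str]:
    """Interfaces with fgfm enabled that are not in the permitted set."""
    return sorted(name for name, svcs in parse_allowaccess(config).items()
                  if "fgfm" in svcs and name not in permitted)


def remediation(config: str, permitted: Set[str]) -> Dict[str, str]:
    """For each exposed interface, the CLI line that drops fgfm and keeps the rest
    ('unset allowaccess' when fgfm was the only service)."""
    access = parse_allowaccess(config)
    result = {}
    for name in fgfm_exposed(config, permitted):
        remaining = [s for s in access[name] if s != "fgfm"]
        result[name] = ("set allowaccess " + " ".join(remaining)) if remaining else "unset allowaccess"
    return result


if __name__ == "__main__":
    # Assumption for this sample: only "mgmt" is meant to talk to FortiManager.
    for name, line in remediation(SAMPLE_CONFIG, {"mgmt"}).items():
        print(f'edit "{name}"  ->  {line}')
```

Run it against a `show system interface` export taken from the device; the output lines are the ones to apply inside `config system interface` / `edit <name>` once you have confirmed which interfaces genuinely need FortiManager access. Re-run after the change to confirm the exposed list is empty.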

Version               Affected                 Solution
--------------------  -----------------------  ---------------------------
FortiOS 7.4           7.4.0 through 7.4.2      Upgrade to 7.4.3 or above
FortiOS 7.2           7.2.0 through 7.2.6      Upgrade to 7.2.7 or above
FortiOS 7.0           7.0.0 through 7.0.13     Upgrade to 7.0.14 or above
FortiPAM 1.2          1.2.0                    Upgrade to 1.2.1 or above
FortiPAM 1.1          1.1.0 through 1.1.2      Upgrade to 1.1.3 or above
FortiPAM 1.0          1.0 all versions         Migrate to a fixed release
FortiProxy 7.4        7.4.0 through 7.4.2      Upgrade to 7.4.3 or above
FortiProxy 7.2        7.2.0 through 7.2.8      Upgrade to 7.2.9 or above
FortiProxy 7.0        7.0.0 through 7.0.14     Upgrade to 7.0.16 or above
FortiSwitchManager 7.2  7.2.0 through 7.2.3    Upgrade to 7.2.4 or above
FortiSwitchManager 7.0  7.0.0 through 7.0.3    Upgrade to 7.0.4 or above
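To turn the two affected-version tables in this advisory into an inventory check, the following Python script (an added example, not Fortinet's or CISA's tooling) encodes the ranges and fixed releases exactly as the tables list them and reports, per device and per CVE, whether action is needed. The inventory is constructed sample data. A "verify" status is returned when a version sits above the listed affected range but below the stated fix release, which the FortiProxy 7.0 row for CVE-2024-23113 (affected through 7.0.14, fix 7.0.16) makes possible; those should be confirmed against the vendor PSIRT page rather than assumed safe. Branches the table does not mention at all are reported as "not listed", not as unaffected.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# (product, branch, affected, solution) transcribed from the two tables above.
# affected is ("low", "high") for a closed range, "all" for a whole branch, "none" if not affected.
TABLES = {
    "CVE-2024-21762": [
        ("FortiOS", "7.6", "none", "Not applicable"),
        ("FortiOS", "7.4", ("7.4.0", "7.4.2"), "Upgrade to 7.4.3 or above"),
        ("FortiOS", "7.2", ("7.2.0", "7.2.6"), "Upgrade to 7.2.7 or above"),
        ("FortiOS", "7.0", ("7.0.0", "7.0.13"), "Upgrade to 7.0.14 or above"),
        ("FortiOS", "6.4", ("6.4.0", "6.4.14"), "Upgrade to 6.4.15 or above"),
        ("FortiOS", "6.2", ("6.2.0", "6.2.15"), "Upgrade to 6.2.16 or above"),
        ("FortiOS", "6.0", "all", "Migrate to a fixed release"),
        ("FortiProxy", "7.4", ("7.4.0", "7.4.2"), "Upgrade to 7.4.3 or above"),
        ("FortiProxy", "7.2", ("7.2.0", "7.2.8"), "Upgrade to 7.2.9 or above"),
        ("FortiProxy", "7.0", ("7.0.0", "7.0.14"), "Upgrade to 7.0.15 or above"),
        ("FortiProxy", "2.0", ("2.0.0", "2.0.13"), "Upgrade to 2.0.14 or above"),
        ("FortiProxy", "1.2", "all", "Migrate to a fixed release"),
        ("FortiProxy", "1.1", "all", "Migrate to a fixed release"),
        ("FortiProxy", "1.0", "all", "Migrate to a fixed release"),
    ],
    "CVE-2024-23113": [
        ("FortiOS", "7.4", ("7.4.0", "7.4.2"), "Upgrade to 7.4.3 or above"),
        ("FortiOS", "7.2", ("7.2.0", "7.2.6"), "Upgrade to 7.2.7 or above"),
        ("FortiOS", "7.0", ("7.0.0", "7.0.13"), "Upgrade to 7.0.14 or above"),
        ("FortiPAM", "1.2", ("1.2.0", "1.2.0"), "Upgrade to 1.2.1 or above"),
        ("FortiPAM", "1.1", ("1.1.0", "1.1.2"), "Upgrade to 1.1.3 or above"),
        ("FortiPAM", "1.0", "all", "Migrate to a fixed release"),
        ("FortiProxy", "7.4", ("7.4.0", "7.4.2"), "Upgrade to 7.4.3 or above"),
        ("FortiProxy", "7.2", ("7.2.0", "7.2.8"), "Upgrade to 7.2.9 or above"),
        ("FortiProxy", "7.0", ("7.0.0", "7.0.14"), "Upgrade to 7.0.16 or above"),
        ("FortiSwitchManager", "7.2", ("7.2.0", "7.2.3"), "Upgrade to 7.2.4 or above"),
        ("FortiSwitchManager", "7.0", ("7.0.0", "7.0.3"), "Upgrade to 7.0.4 or above"),
    ],
}


def parse_version(text: str) -> Version:
    """'v7.0.13,build0595' -> (7, 0, 13): strip a leading 'v' and any build suffix."""
    core = text.strip().lstrip("v").split(",")[0]
    return tuple(int(p) for p in core.split("."))


def fix_version(solution: str) -> Optional[Version]:
    """Release number in 'Upgrade to X or above'; None for migrate / not applicable rows."""
    m = re.search(r"\d+(?:\.\d+)+", solution)
    return parse_version(m.group(0)) if m else None


def assess(cve: str, product: str, version_text: str) -> Dict[str, str]:
    """Classify one device version against one CVE's table."""
    v = parse_version(version_text)
    branch = f"{v[0]}.{v[1]}"
    for row_product, row_branch, affected, solution in TABLES[cve]:
        if row_product != product or row_branch != branch:
            continue
        if affected == "none":
            return {"status": "not affected", "action": solution}
        if affected == "all":
            return {"status": "affected", "action": solution}
        low, high = (parse_version(x) for x in affected)
        if low <= v <= high:
            return {"status": "affected", "action": solution}
        fix = fix_version(solution)
        if fix is not None and v < fix:
            # Above the listed affected range but below the stated fix release.
            return {"status": "verify", "action": solution}
        return {"status": "not affected", "action": "Already on a fixed release"}
    return {"status": "not listed", "action": "Branch not in the advisory table; confirm with Fortinet PSIRT"}


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """(host, cve, status, action) for every device needing patching or verification."""
    out = []
    for host, product, version in inventory:
        for cve in TABLES:
            r = assess(cve, product, version)
            if r["status"] in ("affected", "verify"):
                out.append((host, cve, r["status"], r["action"]))
    return out


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.12"),
    ("fw-edge-02", "FortiOS", "7.2.7"),
    ("fw-branch-03", "FortiOS", "v6.4.10,build2500"),
    ("proxy-01", "FortiProxy", "7.0.15"),
    ("pam-01", "FortiPAM", "1.1.2"),
    ("fw-lab", "FortiOS", "7.6.0"),
]

if __name__ == "__main__":
    for host, cve, status, action in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {cve}  {status:12} {action}")
```

Feed it the (hostname, product, version) triples from your asset inventory; anything reported as "affected" goes to the top of the patch queue, and "verify" and "not listed" rows are checked against FG-IR-24-015 and FG-IR-24-029 before being closed out.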


Additional Resources

https://www.cisa.gov/news-events/alerts/2024/02/09/cisa-adds-one-known-exploited-vulnerability-catalog

https://www.bleepingcomputer.com/news/security/new-fortinet-rce-bug-is-actively-exploited-cisa-confirms/

https://thehackernews.com/2024/02/fortinet-warns-of-critical-fortios-ssl.html

https://www.fortiguard.com/psirt/FG-IR-24-015

https://www.fortiguard.com/psirt/FG-IR-24-029

https://www.theregister.com/2024/02/09/a_look_at_fortinet_week/