87,000+ FortiOS Devices Vulnerable to Remote Code Execution Attacks

   October 14, 2024  Posted in CyberSecurityNews


A critical security vulnerability affecting over 87,000 FortiOS devices has been discovered, leaving them exposed to potential remote code execution (RCE) attacks.

The flaw, identified as CVE-2024-23113, impacts multiple versions of FortiOS, FortiProxy, FortiPAM, and FortiWeb products.

SIEM as a Service

The vulnerability stems from a use of externally-controlled format string in the FortiOS fgfmd daemon, which allows unauthenticated remote attackers to execute arbitrary code or commands through specially crafted requests.

This critical flaw has been assigned a CVSS score of 9.8 out of 10, indicating its severe nature.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

According to Shadowserver scans, approximately 87,390 IP addresses associated with potentially vulnerable Fortinet devices have been identified. The United States leads with 14,000 affected devices, followed by Japan (5,100) and India (4,800).

87,000+ FortiOS Devices Vulnerable to Remote Code Execution Attacks
Image Credits (Shadowserver)

The vulnerability impacts FortiOS versions 7.0 through 7.4.2, as well as various versions of FortiPAM, FortiProxy, and FortiWeb. Fortinet has released patches for the affected products and strongly recommends users upgrade to the latest secure versions.

  • FortiOS 7.4: 7.4.0 through 7.4.2 – Upgrade to 7.4.3 or above
  • FortiOS 7.2: 7.2.0 through 7.2.6 – Upgrade to 7.2.7 or above
  • FortiOS 7.0: 7.0.0 through 7.0.13 – Upgrade to 7.0.14 or above
  • FortiPAM 1.2: All versions – Migrate to a fixed release
  • FortiPAM 1.1: All versions – Migrate to a fixed release
  • FortiPAM 1.0: All versions – Migrate to a fixed release
  • FortiProxy 7.4: 7.4.0 through 7.4.2 – Upgrade to 7.4.3 or above
  • FortiProxy 7.2: 7.2.0 through 7.2.8 – Upgrade to 7.2.9 or above
  • FortiProxy 7.0: 7.0.0 through 7.0.15 – Upgrade to 7.0.16 or above
  • FortiWeb 7.4: 7.4.0 through 7.4.2 – Upgrade to 7.4.3 or above

As a temporary workaround, Fortinet advises removing fgfm access for each interface. However, this may prevent FortiGate discovery from FortiManager.

Exploitation in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-23113 to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation in the wild.

This development has prompted CISA to order federal agencies to patch their FortiOS devices within three weeks, by October 30.

Given the widespread use of Fortinet products in enterprise and government networks, this vulnerability poses a significant risk to organizations worldwide. Security experts urge immediate action to mitigate the threat:

  1. Upgrade affected devices to the latest patched versions.
  2. Implement recommended workarounds if immediate patching is not possible.
  3. Monitor systems for any signs of unauthorized access or suspicious activity.
  4. Conduct a thorough security audit of network infrastructure.

As threat actors continue to target known vulnerabilities, prompt action is crucial to protect critical infrastructure and sensitive data from potential compromise.

Strategies to Protect Websites & APIs from Malware Attack => Free Webinar



Source link