CISA Warns of Fortinet RCE Vulnerability Actively Exploited


The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a remote code execution (RCE) vulnerability in Fortinet products, identified as CVE-2024-23113.

Attackers are reportedly actively exploiting this vulnerability, which poses significant risks to organizations using affected Fortinet software.

CVE-2024-23113 is a format string vulnerability that affects multiple Fortinet products, including FortiOS, FortiPAM, FortiProxy, and FortiWeb.

The flaw arises from the use of an externally-controlled format string in fgfmd, the daemon that implements the FortiGate-to-FortiManager (FGFM) protocol on TCP port 541 and handles authentication requests and keep-alive messages between a FortiGate and its FortiManager.

Because the attacker controls the format string itself, a remote, unauthenticated attacker can use specially crafted requests to execute arbitrary code or commands on an unpatched device.

The vulnerability is rated critical, with a CVSS score of 9.8 out of 10, reflecting full impact on confidentiality, integrity, and availability. Affected versions are FortiOS 7.0, 7.2, and 7.4 releases prior to the fixed builds; FortiPAM 1.0, 1.1, and 1.2; FortiProxy 7.0, 7.2, and 7.4 releases prior to the fixed builds; and FortiWeb 7.4.0 through 7.4.2.

Exploitation in the Wild

CISA has confirmed that this vulnerability is being actively exploited in the wild. The flaw is reachable over the network, requires no user interaction and no privileges, and has low attack complexity, so an attacker who can reach the fgfm service on a vulnerable device can attempt exploitation directly.

The exploitation of this vulnerability poses significant risks to organizations, especially those using these products in critical infrastructure.

Fortinet has already released patches to address the CVE-2024-23113 vulnerability. Organizations are strongly advised to upgrade their systems to the latest versions as follows:

  • FortiOS: Upgrade to version 7.4.3 or above; on the 7.2 and 7.0 branches, upgrade to 7.2.7 or 7.0.14 or above respectively.
  • FortiProxy: Upgrade to version 7.4.3 or above; on the 7.2 and 7.0 branches, upgrade to 7.2.9 or 7.0.16 or above respectively.
  • FortiPAM: Fortinet's advisory directs users of 1.0, 1.1, and 1.2 to migrate to a fixed release.
  • FortiWeb: Upgrade to version 7.4.3 or above.

In addition to applying patches, administrators should consider implementing network segmentation and access controls to limit potential attack vectors.

Until patches are applied, removing fgfm from the allowaccess list of every interface is a temporary mitigation. Note that this also prevents FortiManager from discovering the FortiGate. A local-in policy that only permits fgfm connections (TCP port 541) from the FortiManager's IP address reduces the attack surface but does not prevent exploitation from that address, so it should be treated as a mitigation rather than a complete workaround.
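The fixed-version list and the fgfm mitigation above are the two checks an administrator has to run per device. The script below, an added example that is not part of the original article or of any Fortinet tooling, turns both into a triage pass over pasted CLI output: it reads the FortiOS build from `get system status`, compares it with the fixed releases for the 7.0, 7.2, and 7.4 branches, finds every interface in `show system interface` whose `allowaccess` still includes `fgfm`, and emits the CLI block that removes it. The sample status line and interface configuration are constructed for the example, not captured from a real device; the fixed-release table covers FortiOS only, and branches it does not list are treated as not affected.

```python
"""Added triage helper for CVE-2024-23113 on a FortiGate: checks the FortiOS
build against the fixed releases and finds interfaces still exposing fgfm.
Illustrative example, not Fortinet code; inputs are pasted CLI output."""
import re

# Fixed FortiOS releases from Fortinet advisory FG-IR-24-029, keyed by branch.
# Branches not listed here (e.g. 6.4, 7.6) are not reported as affected.
FORTIOS_FIXED = {
    (7, 0): (7, 0, 14),
    (7, 2): (7, 2, 7),
    (7, 4): (7, 4, 3),
}

VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)")
EDIT_RE = re.compile(r'^edit\s+"([^"]+)"')


def parse_fortios_version(status_output):
    """Return (major, minor, patch) from the 'Version:' line of 'get system status'."""
    match = VERSION_RE.search(status_output)
    if not match:
        raise ValueError("no FortiOS version string found")
    return tuple(int(part) for part in match.groups())


def is_vulnerable_build(version):
    """True if the build precedes the fixed release of its branch."""
    fixed = FORTIOS_FIXED.get(version[:2])
    return fixed is not None and version < fixed


def fgfm_exposed_interfaces(interface_config):
    """Map interface name -> allowaccess services for every interface in
    'show system interface' output whose allowaccess list includes fgfm."""
    exposed = {}
    current = None
    for raw in interface_config.splitlines():
        line = raw.strip()
        match = EDIT_RE.match(line)
        if match:
            current = match.group(1)
        elif line.startswith("set allowaccess ") and current:
            services = line.split()[2:]
            if "fgfm" in services:
                exposed[current] = services
        elif line in ("next", "end"):
            current = None
    return exposed


def remediation_commands(exposed):
    """CLI block that re-sets allowaccess on each exposed interface without fgfm.
    An interface that allowed nothing but fgfm gets 'unset allowaccess', which
    clears the list, rather than a 'set allowaccess' with no services."""
    lines = ["config system interface"]
    for name, services in exposed.items():
        kept = [s for s in services if s != "fgfm"]
        lines.append(f'    edit "{name}"')
        if kept:
            lines.append("        set allowaccess " + " ".join(kept))
        else:
            lines.append("        unset allowaccess")
        lines.append("    next")
    lines.append("end")
    return "\n".join(lines)


def triage(status_output, interface_config):
    """Combine the build check and the interface check into one report."""
    version = parse_fortios_version(status_output)
    exposed = fgfm_exposed_interfaces(interface_config)
    return {
        "version": version,
        "vulnerable_build": is_vulnerable_build(version),
        "fgfm_exposed": sorted(exposed),
        "remediation": remediation_commands(exposed) if exposed else "",
    }


# Constructed sample output in the shape of 'get system status' and
# 'show system interface'; not captured from a real device.
SAMPLE_STATUS = "Version: FortiGate-100F v7.2.5,build1517,230711 (GA)\n"
SAMPLE_INTERFACES = """\
config system interface
    edit "wan1"
        set vdom "root"
        set ip 198.51.100.2 255.255.255.0
        set allowaccess ping https fgfm
    next
    edit "port1"
        set vdom "root"
        set allowaccess ping https ssh
    next
    edit "mgmt"
        set vdom "root"
        set allowaccess fgfm
    next
end
"""

if __name__ == "__main__":
    result = triage(SAMPLE_STATUS, SAMPLE_INTERFACES)
    print("FortiOS", ".".join(map(str, result["version"])),
          "vulnerable build:", result["vulnerable_build"])
    print("interfaces exposing fgfm:", result["fgfm_exposed"])
    print(result["remediation"])
```

A device on 7.2.5 with fgfm enabled on wan1 and mgmt is reported as both vulnerable and exposed, and the generated block drops fgfm from wan1 while clearing mgmt's list entirely. Run against a patched build the version check returns false, but the interface check still reports where fgfm is reachable, which is worth reviewing regardless of patch state.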

CISA added CVE-2024-23113 to its Known Exploited Vulnerabilities Catalog on October 9, 2024, requiring U.S. federal civilian agencies to patch affected systems by October 30, 2024.

Organizations must act swiftly to apply patches and implement mitigation strategies to protect their systems from unauthorized access and potential data breaches.
