Fortinet Patches Critical Flaws That Let Hackers Take Control of The System


Fortinet has released critical security updates to address multiple product vulnerabilities, including FortiOS, FortiAnalyzer, FortiManager, and FortiClient Windows. If left unpatched, these flaws could allow attackers to take control of affected systems.

One of the most severe vulnerabilities, tracked as CVE-2024-47575, affects FortiManager and has been actively exploited in the wild. With a CVSS score of 9.8, this critical flaw allows remote unauthenticated attackers to execute arbitrary code or commands via specially crafted requests.

SIEM as a Service

Fortinet has confirmed that attackers have been automating the exfiltration of sensitive files containing IPs, credentials, and configurations of managed devices.

Free Ultimate Continuous Security Monitoring Guide - Download Here (PDF)

Critical Vulnerabilities Patched

  1. CVE-2024-23666: A client-side enforcement vulnerability in FortiAnalyzer and FortiManager that allows authenticated users with read-only permissions to execute sensitive operations.
  2. CVE-2023-50176: A session fixation vulnerability in FortiOS SSL-VPN that could lead to session hijacking via phishing SAML authentication links.
  3. CVE-2024-36513: A privilege escalation flaw in FortiClient Windows that allows authenticated users to elevate their privileges using Lua auto patch scripts.
  4. CVE-2024-47574: An authentication bypass vulnerability in FortiClient Windows that could enable low-privilege attackers to execute arbitrary code with high privileges.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the FortiManager vulnerability (CVE-2024-47575) to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch the flaw by November 13, 2024.

Fortinet urges all customers to review the security advisories and apply the necessary updates immediately. The company emphasizes the importance of keeping systems up-to-date as the first defense against exploitation.

Cybersecurity experts warn that these vulnerabilities could severely affect organizational security and user trust. Failure to address such flaws could lead to data breaches, financial losses, and reputational damage.

As cyber threats continue to evolve, organizations must maintain a proactive security posture, especially regarding widely used products like FortiOS.

Regular security reviews, staying informed about potential threats, and promptly applying security updates are crucial to protecting digital infrastructure.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!



Source link