Fortinet has released a security update with the fixes for 15 vulnerabilities that affect multiple products with distinct security issues, ranging from critical to high severity.
- FortiOS
- FortiManager
- FortiAnalyzer
- FortiSwitch
- FortiProxy
- FortiClientEMS
- FortiWeb
- Several other Fortinet security appliances and software
Among the most severe issues resolved is a critical vulnerability (CVE-2024-55591) affecting FortiOS and FortiProxy. This flaw could potentially allow authentication bypass, posing a significant risk to affected systems.
“An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module”.”
Another critical vulnerability (CVE-2023-37936) in FortiSwitch products could lead to unauthenticated remote code execution due to the use of hardcoded cryptographic keys.
“An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.”
These issues, handled by the dedicated Fortinet Product Security Incident Response Team (PSIRT), have been addressed to ensure heightened security and stability for users.
Details of the latest advisories, including affected products, severity, and mitigation steps, are now available. Fortinet also provides resources such as its PSIRT Policy for reporting issues and an Upgrade Path Tool Table to help users update to recommended software versions.
Key Resolved Vulnerabilities
| Title | CVE | Severity | Description | Affected Products |
|---|---|---|---|---|
| Admin Account Persistence after Deletion | CVE-2024-47571 | High | An operation on a resource after expiration or release vulnerability (CWE-672). | FortiManager (7.4.0, 7.2.3, 7.0.8, 7.0.7, 6.4.12) |
| Arbitrary File Write on GUI | CVE-2024-36512 | High | A relative path traversal vulnerability (CWE-23) allowing privileged attackers to write files arbitrarily. | FortiAnalyzer (7.4.x, 7.2.5), FortiManager (7.4.x, 7.2.5) |
| Authentication Bypass in Node.js Websocket Module | CVE-2024-55591 | Critical | Authentication bypass using an alternate path or channel (CWE-288). | FortiOS (7.0.x), FortiProxy (7.2.x) |
| Heap Overflow in Chrome/libwebp | CVE-2023-4863 | High | A heap overflow vulnerability in Google Chrome’s libwebp component impacting Fortinet products. | FortiClientEMS, FortiClientLinux, FortiClientMac, FortiClientWindows, FortiSOAR |
| Command Injection in csfd Daemon | CVE-2024-46662 | High | Improper neutralization of special elements in OS command (CWE-78). | FortiManager (7.4.x), FortiManager Cloud (7.4.x) |
| EMS Console Login under Brute Force Attack Does Not Get Locked | CVE-2024-23106 | High | Improper restriction of excessive authentication attempts (CWE-307). | FortiClientEMS (7.2.x, 7.0.x) |
| Hardcoded Session Secret Leading to Remote Code Execution | CVE-2023-37936 | Critical | Hardcoded cryptographic key vulnerability (CWE-321). | FortiSwitch (7.4.0, 7.2.x) |
| Missing Authentication for Managed Device Configurations | CVE-2024-35277 | High | Missing authentication for critical function vulnerability (CWE-306). | FortiManager (7.4.x, 7.2.x), FortiManager Cloud (7.4.x, 7.2.x) |
| Multipart Form Data Denial of Service | CVE-2024-46668 | High | Resource allocation without limits or throttling (CWE-770). | FortiOS (7.4.x) |
| OS Command Injection | CVE-2024-50566 | High | Improper neutralization of special elements in OS command (CWE-78). | FortiManager (7.6.x, 7.4.x), FortiManager Cloud (7.4.x) |
| Out-of-Bounds Read in IPsec IKE | CVE-2024-46670 | High | Out-of-bounds read vulnerability (CWE-125). | FortiOS (7.6.0, 7.4.x) |
| Out-of-Bounds Write in sndproxy | CVE-2024-35273 | High | Out-of-bounds write vulnerability (CWE-787). | FortiAnalyzer (7.4.x), FortiAnalyzer Cloud (7.4.x), FortiManager (7.4.x), FortiManager Cloud (7.4.x) |
| Path Traversal in csfd Daemon | CVE-2024-48884 | High | Improper limitation of pathname to restricted directory (CWE-22). | FortiManager (7.6.x, 7.4.x), FortiManager Cloud (7.4.x), FortiOS (7.6.x, 7.4.x), FortiProxy (7.4.x), FortiRecorder (7.2.x, 7.0.x), FortiVoice (7.0.x), FortiWeb (7.6.x, 7.4.x) |
| Restricted Shell Escape via Argument Injection | CVE-2023-37937 | High | Improper neutralization of special elements in OS command (CWE-78). | FortiSwitch (7.4.0, 7.2.x) |
| Weak Authentication in csfd Daemon | CVE-2024-48886 | High | Weak authentication vulnerability (CWE-1390). | FortiAnalyzer (7.6.x, 7.4.x), FortiAnalyzer Cloud (7.4.x), FortiManager (7.6.x, 7.4.x), FortiManager Cloud (7.4.x), FortiOS (7.4.x), FortiProxy (7.4.x) |
Recommended Actions for Users
Fortinet urges users to:
- Review the detailed advisories and identify affected products and versions.
- Upgrade to the latest recommended versions using Fortinet’s Upgrade Path Tool Table.
- Follow the mitigation and patching guidelines provided for each vulnerability.
Security patches and updates can be downloaded from Fortinet’s official support portal.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free