Fortinet has disclosed a critical vulnerability in its FortiOS and FortiProxy captive portal systems, potentially allowing attackers to execute arbitrary code through specially crafted HTTP requests.
This revelation underscores the ongoing challenges in safeguarding digital infrastructures against sophisticated threats.
Technical Breakdown of the Vulnerability
The vulnerability, identified as an out-of-bounds write issue [CWE-787] and a stack-based buffer overflow [CWE-121], affects multiple versions of FortiOS and FortiProxy.
Specifically, the impacted versions are FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, and 6.2.0 through 6.2.15, along with FortiProxy versions 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, and 2.0.0 through 2.0.13.
An attacker with access to the captive portal can exploit these vulnerabilities by sending specially crafted HTTP requests, which can lead to unauthorized code or command execution within the system.
This flaw poses a significant risk, as it could allow attackers to gain control over affected systems, potentially leading to data theft, system compromise, and further network infiltration.
Impact on Users
The implications of this vulnerability are far-reaching, affecting a broad spectrum of Fortinet’s user base.
Organizations utilizing the affected FortiOS and FortiProxy versions are at risk of targeted attacks that could compromise sensitive information and disrupt critical operations.
The vulnerability’s severity is underscored by its potential to allow attackers to execute arbitrary code, which can be leveraged for a wide range of malicious activities.
Affected Products and Versions
The vulnerabilities affect a range of Fortinet products across various versions:
- FortiOS versions 7.4.0 to 7.4.1
- FortiOS versions 7.2.0 to 7.2.5
- FortiOS versions 7.0.0 to 7.0.12
- FortiOS versions 6.4.0 to 6.4.14
- FortiOS versions 6.2.0 to 6.2.15
- FortiProxy version 7.4.0
- FortiProxy versions 7.2.0 to 7.2.6
- FortiProxy versions 7.0.0 to 7.0.12
- FortiProxy versions 2.0.0 to 2.0.13
Fortinet has released software updates to address these vulnerabilities. Users are urged to upgrade their systems to the following versions or higher:
- FortiOS version 7.4.2
- FortiOS version 7.2.6
- FortiOS version 7.0.13
- FortiOS version 6.4.15
- FortiOS version 6.2.16
- FortiProxy version 7.4.1
- FortiProxy version 7.2.7
- FortiProxy version 7.0.13
- FortiProxy version 2.0.14
Additionally, Fortinet has remediated the issue in FortiSASE version 23.3.b in Q3/23, so customers using this version need not take any further action.
The FMWP database update 23.105 also includes a virtual patch named “FortiOS.Captive.Portal.Out.Of.Bounds.Write.”
The vulnerabilities were internally discovered and reported by Gwendal Guégniaud of the Fortinet Product Security Team.
The initial publication of these findings was on February 27, 2024.
Fortinet customers are advised to review the provided solutions and apply the necessary updates or workarounds to ensure their systems are protected against the potential exploitation of these vulnerabilities.
With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.