3:00pm, 9 February 2024
TLP Rating:
Multiple RCE vulnerabilities affecting Fortinet products
UPDATED: 14/02/24
Fortinet has released advisories for two new vulnerabilities impacting FortiOS, FortiProxy, FortiPAM and FortiSwitchManager devices.
The vulnerabilities, tracked as CVE-2024-21762 and CVE-2024-23113, may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
Fortinet has indicated CVE-2024-21762 is potentially being exploited in the wild.
What to look for
How to tell if you're at risk
CVE-2024-21762 affects the following products.
FortiOS versions:
· 7.4.0 through 7.4.2
· 7.2.0 through 7.2.6
· 7.0.0 through 7.0.13
· 6.4.0 through 6.4.14
· 6.2.0 through 6.2.15
· 6.0 all versions,
FortiProxy versions:
· 7.4.0 through 7.4.2
· 7.2.0 through 7.2.8
· 7.0.0 through 7.0.14
· 2.0.0 through 2.0.13
· 1.2 all versions
· 1.1 all versions
· 1.0 all versions
CVE-2024-23113 affects the following products.
FortiOS versions:
- 7.4.0 through 7.4.2
- 7.2.0 through 7.2.6
- 7.0.0 through 7.0.13,
FortiPAM versions:
- 1.2.0
- 1.1.0 through 1.1.2,
FortiProxy versions:
· 7.4.0 through 7.4.2
· 7.2.0 through 7.2.8
· 7.0.0 through 7.0.14,
FortiSwitchManager versions:
· 7.2.0 through 7.2.3
· 7.0.0 through 7.0.3
Note: Version 7.6 is not affected by either vulnerability.
What to do
Prevention
Fortinet recommends updating to the latest versions available. Please check their advisory page for further details.
Mitigation
Fortinet has included disabling SSL VPN as a workaround specifically for CVE-2024-21762.
For CVE-2024-23113, Fortinet has advised removing FGFM access or restricting access to FGFM for each interface. More details are available on their advisory page.
More information
Further details can be found on the official Fortinet website:
CVE-2024-21762 | FortiGuard External Link
CVE-2024-23113 | Fortiguard External Link
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.