Federal authorities and security researchers have recently identified active exploitation of a critical format string vulnerability affecting four Fortinet products. The Cybersecurity and Infrastructure Security Agency (CISA) has listed this vulnerability (CVE-2024-23113) in its Known Exploited Vulnerabilities catalog.
Key Details:
- Vulnerability ID: CVE-2024-23113
- CVSS Score: 9.8 (Critical)
- Potential Impact: Exploitation could allow remote, unauthenticated attackers to execute arbitrary code or commands.
Products Affected:
- FortiOS Versions: 7.4.0 to 7.4.2, 7.2.0 to 7.2.6, 7.0.0 to 7.0.13
- FortProxy Versions: 7.4.0 to 7.4.2, 7.2.0 to 7.2.8, 7.0.0 to 7.0.15
- FortiPAM Versions: 1.2, 1.1, 1.0
- FortiSwitchManager Versions: 7.2.0 to 7.2.3, 7.0.0 to 7.03
Recent Exploits:
According to Fortinet and the research group Shadowserver, more than 87,000 Fortinet IPs may be vulnerable, with over 14,000 potentially impacted in the United States alone. Shadowserver’s findings suggest a large portion of U.S. infrastructure may be at risk.
What You Need to Know:
Fortinet has provided a workaround that involves removing FortiGate to FortiManager protocol access. If your organization uses Fortinet products, it’s crucial to review Fortinet’s guidance immediately to mitigate potential exploitation.
With Fortinet products facing sustained threat activity this year, as evidenced by the February disclosure of CVE-2024-21762, a continued review of system updates and patches is essential.
Immediate Recommendations:
- Follow Fortinet’s Mitigation Guidance: Implement the recommended workaround to remove FortiGate to FortiManager protocol access.
- Assess Vulnerable Versions: Check if your products fall within the affected versions and take steps to update or patch as necessary.
- Stay Alert: Monitor CISA’s and Fortinet’s advisories for the latest updates on this vulnerability and any new threat activities.