CVE-2024-21762 and CVE-2024-23113 - Fortinet FortiOS Vulnerabilities Under Active Exploit
Fortinet has been busy patching several critical vulnerabilities in their popular FortiOS firewall platform. According to advisories and reports from Fortinet's PSIRT team as well as third-party researchers, a number of these flaws have already been exploited actively in targeted attacks.
CVE-2024-21762 - Out-of-Bounds Write RCE
The Fortinet PSIRT published advisory FG-IR-24-015 detailing an out-of-bounds write vulnerability (CVE-2024-21762) affecting FortiOS SSL VPN. This critical RCE flaw impacts FortiOS versions 7.2.0 through 7.2.6 and 7.0.0 through 7.0.13. Fortinet recommends upgrading to patched versions or the other workaround is disabling SSL VPN (disable webmode is NOT a valid workaround). According to the advisory, this vulnerability is currently being exploited in the wild.
| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.6 | Not affected | Not Applicable |
| FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiOS 6.2 | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above |
| FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiProxy 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiProxy 7.2 | 7.2.0 through 7.2.8 | Upgrade to 7.2.9 or above |
| FortiProxy 7.0 | 7.0.0 through 7.0.14 | Upgrade to 7.0.15 or above |
| FortiProxy 2.0 | 2.0.0 through 2.0.13 | Upgrade to 2.0.14 or above |
| FortiProxy 1.2 | 1.2 all versions | Migrate to a fixed release |
| FortiProxy 1.1 | 1.1 all versions | Migrate to a fixed release |
| FortiProxy 1.0 | 1.0 all versions | Migrate to a fixed release |
CVE-2024-23113 Format String RCE
Another advisory, FG-IR-24-029, covers a format string vulnerability (CVE-2024-23113) affecting the FortiOS fgfmd daemon. Impacted versions include 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, and 7.0.0 through 7.0.13. As with the previous flaw, Fortinet recommends upgrading to a patched release.
| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
| FortiPAM 1.2 | 1.2.0 | Upgrade to 1.2.1 or above |
| FortiPAM 1.1 | 1.1.0 through 1.1.2 | Upgrade to 1.1.3 or above |
| FortiPAM 1.0 | 1.0 all versions | Migrate to a fixed release |
| FortiProxy 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiProxy 7.2 | 7.2.0 through 7.2.8 | Upgrade to 7.2.9 or above |
| FortiProxy 7.0 | 7.0.0 through 7.0.14 | Upgrade to 7.0.15 or above |
| FortiSwitchManager 7.2 | 7.2.0 through 7.2.3 | Upgrade to 7.2.4 or above |
| FortiSwitchManager 7.0 | 7.0.0 through 7.0.3 | Upgrade to 7.0.4 or above |
Potential Exploits by APT Groups
Research from BleepingComputer and SecurityWeek suggests that Chinese APT groups including Volt Typhoon, APT15, and APT31 have been actively taking advantage of these vulnerabilities in targeted attacks.
Nessus Plugin for Detection and Patching
Tenable has released Nessus plugin 190239 to help organizations detect if their Fortinet devices are vulnerable and in need of upgrading to a patched version.
Additional FortiSIEM Vulnerabilities Addressed
In a separate advisory, Fortinet also addressed two critical remote code execution vulnerabilities (CVE-2023-35081 and CVE-2023-35082) impacting its FortiSIEM product. Patches were released as covered by SecurityAffairs.
Admins are strongly urged to check their Fortinet VPN and firewall products for applicability of the above advisories, given active threats targeting these serious flaws impacting FortiOS and leaving systems exposed if exploited. Timely patching is recommended given evidence of attacks.