Critical Alert: FortiOS Vulnerable to Remote Code Execution (CVE-2024-23113)
On February 9, 2024, Fortinet disclosed a critical vulnerability in FortiOS that could leave affected devices open to remote exploitation. Tracked as CVE-2024-23113 (CVSS 9.8), the flaw has drawn wide attention because it lets an unauthenticated attacker execute arbitrary code or commands on a vulnerable device over the network.
The bug is a use of an externally controlled format string (CWE-134) in fgfmd, the FortiOS daemon that speaks the FortiGate-to-FortiManager (FGFM) protocol on TCP port 541. Because the daemon passes attacker-influenced data into a format function, a specially crafted request to that port can lead to remote code execution without any credentials. The consequences are serious: an attacker who lands on a firewall can move into the networks behind it, siphon off sensitive data, or use the device as a persistent foothold for further activity.
To patch CVE-2024-23113, Fortinet recommends upgrading as follows:

| Affected FortiOS versions | Solution |
|---|---|
| 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
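A quick way to apply the table above across a fleet is to compare each device's version string against the affected ranges. The following Python is an added example, not Fortinet's code or a tool from the advisory; the fix table is the one on this page, the version-string format mimics the first field of `get system status` output, and the inventory is constructed sample data.

```python
"""Check FortiOS version strings against the CVE-2024-23113 fix table.

Added example, not Fortinet's tooling. FIX_TABLE reproduces the page's
upgrade table; SAMPLE_INVENTORY is constructed, not real devices.
"""
import re

# branch (major, minor) -> (first affected, last affected, first fixed)
FIX_TABLE = {
    (7, 4): ((7, 4, 0), (7, 4, 2), (7, 4, 3)),
    (7, 2): ((7, 2, 0), (7, 2, 6), (7, 2, 7)),
    (7, 0): ((7, 0, 0), (7, 0, 13), (7, 0, 14)),
}

# Matches the leading "vX.Y.Z" of what `get system status` prints,
# e.g. "v7.2.5,build1234,240101 (GA)"; build number and date are ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) as ints, or raise on unexpected input."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(text):
    """Return (status, first_fixed) with status 'vulnerable', 'fixed' or 'untracked'.

    'untracked' means the branch is not in the page's table (e.g. 6.x);
    check the vendor advisory rather than assuming such a build is safe.
    """
    v = parse_version(text)
    entry = FIX_TABLE.get(v[:2])
    if entry is None:
        return "untracked", None
    first_affected, last_affected, first_fixed = entry
    if first_affected <= v <= last_affected:
        return "vulnerable", ".".join(str(n) for n in first_fixed)
    return "fixed", None


def needing_upgrade(inventory):
    """inventory: {hostname: version string}. Returns sorted [(host, version, target)]."""
    findings = []
    for host, version in inventory.items():
        status, target = assess(version)
        if status == "vulnerable":
            findings.append((host, version, target))
    return sorted(findings)


SAMPLE_INVENTORY = {  # constructed sample data, not real devices or builds
    "fw-branch-01": "v7.2.5,build1234,240101 (GA)",
    "fw-dc-core": "v7.4.3,build1235,240201 (GA)",
    "fw-legacy": "v7.0.13,build1236,231001 (GA)",
    "fw-lab": "v6.4.14,build1237,230601 (GA)",
}

if __name__ == "__main__":
    for host, version, target in needing_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: {version.split(',')[0]} is affected, upgrade to {target} or above")
```

Builds outside the three branches in the table come back as "untracked" rather than "fixed" on purpose: the absence of a row is not evidence that a branch is safe.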
Fortinet's advisory recommends upgrading to the fixed releases listed above. For devices that cannot be patched immediately, it also describes a workaround: fgfmd only accepts connections on interfaces where the fgfm service is enabled, so removing fgfm from each interface's allowaccess setting takes the vulnerable service off the network. For each interface, remove the fgfm access, as in the before-and-after example in the advisory.
“Note that this will prevent FortiGate discovery from FortiManager. Connections from the FortiGate will still work,” Fortinet explained.
“Please also note that a local-in policy that only allows FGFM connections from a specific IP will reduce the attack surface but it won’t prevent the vulnerability from being exploited from this IP. As a consequence, this should be used as a mitigation and not as a complete workaround.”
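The workaround above can be checked offline against a configuration backup before it is pushed to devices. The following Python script is an added example, not Fortinet's tooling: it parses the `config system interface` section of a (constructed) FortiOS config dump, lists the interfaces whose `allowaccess` list includes `fgfm`, and prints the CLI that removes it while restating the remaining services, since `set allowaccess` replaces the whole list. Interface names and addresses in SAMPLE_CONFIG are invented.

```python
"""Audit a FortiOS configuration dump for interfaces that expose FGFM.

Added example, not Fortinet's own tooling. Implements the advisory's
workaround (drop `fgfm` from every interface's `allowaccess` list) as an
offline check over `show system interface` style output, and emits the CLI
that applies it. SAMPLE_CONFIG is constructed, not a real device.
"""
import re

SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.0.2.1 255.255.255.0
        set allowaccess ping https ssh fgfm
        set type physical
        config ipv6
            set ip6-allowaccess ping https
        end
    next
    edit "port2"
        set vdom "root"
        set ip 198.51.100.1 255.255.255.0
        set allowaccess ping https ssh
        set type physical
    next
    edit "mgmt"
        set vdom "root"
        set ip 203.0.113.1 255.255.255.0
        set allowaccess ping https ssh snmp http fgfm fabric
        set type physical
    next
end
"""

_EDIT_RE = re.compile(r'^\s*edit\s+"?([^"]+)"?\s*$')


def parse_allowaccess(config_text):
    """Return {interface_name: [services]} for each `set allowaccess` line that
    sits directly inside an `edit` under `config system interface`.
    Nested sub-tables such as `config ipv6` are skipped by tracking depth."""
    result = {}
    stack = []      # names of the currently open `config ...` tables
    current = None  # interface being edited, if at depth 1
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end":
            stack.pop()
        elif stack == ["system interface"]:
            m = _EDIT_RE.match(line)
            if m:
                current = m.group(1)
                result.setdefault(current, [])
            elif line == "next":
                current = None
            elif current and line.startswith("set allowaccess "):
                result[current] = line.split()[2:]
    return result


def fgfm_exposed(config_text):
    """Interfaces on which fgfmd (TCP 541) is reachable, sorted by name."""
    return sorted(name for name, svcs in parse_allowaccess(config_text).items()
                  if "fgfm" in svcs)


def remediation_cli(config_text):
    """Emit the FortiOS CLI that removes fgfm from each exposed interface.
    `set allowaccess` replaces the whole list, so the services that stay are
    restated explicitly; `unset` is used if nothing would remain.
    Returns '' when no interface exposes fgfm."""
    access = parse_allowaccess(config_text)
    exposed = fgfm_exposed(config_text)
    if not exposed:
        return ""
    lines = ["config system interface"]
    for name in exposed:
        kept = [s for s in access[name] if s != "fgfm"]
        setting = f"set allowaccess {' '.join(kept)}" if kept else "unset allowaccess"
        lines += [f'    edit "{name}"', f"        {setting}", "    next"]
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    print("fgfm exposed on:", ", ".join(fgfm_exposed(SAMPLE_CONFIG)) or "none")
    print(remediation_cli(SAMPLE_CONFIG))
```

Apply the output only after weighing the caveat in Fortinet's note above: with fgfm removed, FortiManager can no longer discover the FortiGate, although connections the FortiGate itself initiates still work. A local-in policy that restricts FGFM to the FortiManager's address narrows the attack surface but, as the advisory states, does not stop exploitation from that address, so it is a mitigation on the way to patching, not a substitute for it.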
The flaw was disclosed alongside another critical FortiOS bug, CVE-2024-21762 (CVSS 9.6), an out-of-bounds write in the SSL VPN component. Most attention went to CVE-2024-21762 because it was reported as being actively exploited in the wild, but the 7.x fixed releases listed above address both issues, so a single upgrade closes the two at once.