Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution

CVE-2024-23113

9.8 CRITICAL

Key Information

Vendor: Fortinet
Affected products: FortiSwitchManager, FortiOS, FortiPAM, FortiProxy
CVE Published: 15 February 2024

Badges

  • 🔥 No. 1 Trending
  • 😄 Trended
  • 👾 Exploit Exists
  • 🔴 Public PoC
  • 📰 News Worthy

What is CVE-2024-23113?

CVE-2024-23113 is a critical vulnerability found in Fortinet's FortiOS, which is designed to provide secure networking and threat management capabilities for organizations. This vulnerability allows unauthorized code execution through the manipulation of specially crafted packets. If exploited, it can lead to significant security breaches, as attackers can execute commands without proper authorization, potentially compromising sensitive data and disrupting network operations.

Technical Details

The vulnerability affects multiple versions of FortiOS (7.4.0 through 7.4.2, 7.2.0 through 7.2.6, and 7.0.0 through 7.0.13) as well as FortiProxy (7.4.0 through 7.4.2, 7.2.0 through 7.2.8, and 7.0.0 through 7.0.14) and FortiPAM (versions 1.2.0, 1.1.0 through 1.1.2, and 1.0.0 through 1.0.3). Additionally, it impacts FortiSwitchManager versions 7.2.0 through 7.2.3 and 7.0.0 through 7.0.3. The root cause is an externally controlled format string flaw: data from a remote, unauthenticated source is passed to a function that interprets it as a format string, so specially crafted packets can corrupt memory and ultimately let an attacker execute arbitrary code or commands on the affected device.
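The first question a defender has after reading the affected-version list above is which devices in their own inventory fall inside it. The following Python snippet is an added example (not code from the page or from Fortinet) that encodes the inclusive version ranges exactly as stated in the paragraph above and checks an inventory against them. It assumes dotted-integer version strings of the form `7.0.13` (an optional leading `v` is tolerated); the host names and the CSV-style inventory are constructed sample data. It deliberately does not claim to know the fixed versions, because the page does not state them: a version outside the listed ranges is reported as "not in the listed affected ranges", nothing more.

```python
"""Check Fortinet product versions against the affected ranges listed for
CVE-2024-23113. Ranges are copied from the advisory text; everything else
(version parsing, inventory format, host names) is an assumption of this example."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Inclusive (lowest, highest) affected ranges per product, as stated on the page.
AFFECTED: Dict[str, List[Tuple[str, str]]] = {
    "FortiOS": [("7.4.0", "7.4.2"), ("7.2.0", "7.2.6"), ("7.0.0", "7.0.13")],
    "FortiProxy": [("7.4.0", "7.4.2"), ("7.2.0", "7.2.8"), ("7.0.0", "7.0.14")],
    "FortiPAM": [("1.2.0", "1.2.0"), ("1.1.0", "1.1.2"), ("1.0.0", "1.0.3")],
    "FortiSwitchManager": [("7.2.0", "7.2.3"), ("7.0.0", "7.0.3")],
}

# Constructed sample inventory (hostname,product,version); these are not real hosts.
SAMPLE_INVENTORY = """\
fw-edge-01,FortiOS,7.4.2
fw-edge-02,FortiOS,7.4.3
proxy-dc-01,FortiProxy,7.0.14
pam-01,FortiPAM,1.2.0
fsm-01,FortiSwitchManager,7.0.4
"""


def parse_version(text: str) -> Version:
    """Turn '7.0.13' or 'v7.0.13' into a comparable tuple of ints, padded to 3 parts.

    Tuple comparison is lexicographic, so (7, 0, 13) < (7, 0, 14) < (7, 2, 0),
    which is exactly the ordering the advisory's ranges rely on."""
    text = text.strip().lstrip("vV")
    parts = text.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))


def is_affected(product: str, version: str) -> bool:
    """True if `version` of `product` lies inside any listed affected range.

    Product lookup is case-insensitive so 'fortios' and 'FortiOS' both work;
    an unknown product raises rather than silently returning False."""
    key = next((k for k in AFFECTED if k.lower() == product.lower()), None)
    if key is None:
        raise KeyError(f"no affected-range data for product {product!r}")
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED[key])


def triage(inventory_csv: str) -> List[Tuple[str, str, str, bool]]:
    """Evaluate every 'host,product,version' line; returns (host, product, version, affected)."""
    rows = []
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, product, version = (field.strip() for field in line.split(","))
        rows.append((host, product, version, is_affected(product, version)))
    return rows


if __name__ == "__main__":
    for host, product, version, hit in triage(SAMPLE_INVENTORY):
        verdict = "AFFECTED (patch per vendor advisory)" if hit else "not in the listed affected ranges"
        print(f"{host:12} {product:20} {version:8} {verdict}")
```

In the sample inventory, `fw-edge-01`, `proxy-dc-01` and `pam-01` are flagged; `fw-edge-02` (7.4.3) and `fsm-01` (7.0.4) sit one patch level above the listed ranges and are not. Note that a device outside the ranges is still worth checking against the vendor's advisory, since this table only encodes what the page states.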

Impact of the Vulnerability

  1. Unauthorized Code Execution: The primary impact is that attackers can execute unauthorized commands on the affected devices, allowing them to take control of critical network infrastructure.

  2. Data Breach Risks: Exploiting this vulnerability can lead to unauthorized access to sensitive data, jeopardizing confidentiality and compliance with data protection regulations.

  3. Network Disruption: Attackers leveraging this vulnerability could potentially disrupt operations by manipulating network configurations or causing system failures, impacting overall service availability.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-23113 as being actively exploited, though it is not known to CISA to be used in ransomware campaigns. This is subject to change at pace.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

FortiSwitchManager <= 7.2.3

FortiSwitchManager <= 7.0.3

FortiOS <= 7.4.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Fortinet Edge Devices Under Attack - Again

Hackers may have circumvented a months-old patch for Fortinet gateway devices leading to a warning from the U.S. federal government over its active exploitation.

1 month ago

Fortinet releases patches for undisclosed critical FortiManager vulnerability - Help Net Security

Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited.

2 months ago

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) - Help Net Security

CISA added CVE-2024-23113 - a vulnerability that allows unauthenticated RCE on unpatched Fortinet FortiGate firewalls - to its KEV catalog.

2 months ago

References

EPSS Score

2% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🔴 Public PoC available
  • 🔥 Vulnerability reached the number 1 worldwide trending spot
  • Vulnerability started trending
  • 👾 Exploit known to exist
  • CISA Reported
  • Vulnerability published
  • First article discovered by wiz.io
  • Vulnerability Reserved

Collectors

NVD Database, MITRE Database, CISA Database, 2 Proof of Concept(s), 10 News Article(s)