Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution
Key Information
- Vendor
- Fortinet
- Status
- Fortiswitchmanager
- FortiOS
- Fortipam
- Fortiproxy
- Vendor
- CVE Published:
- 15 February 2024
Badges
Summary
The CVE-2024-23113 vulnerability in Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager products is being actively exploited in the wild, with information from the CISA and Wiz researchers confirming this. The vulnerability allows unauthorized code execution via specially crafted packets, impacting a wide range of FortiOS versions. The potential impact is significant, leading to remote code or command execution by an unauthenticated attacker. The recommended mitigation is to upgrade or migrate to a fixed release, with specific versions provided for each affected product. Additionally, workarounds are available to mitigate the risk while waiting to apply the patch. The urgency of addressing this vulnerability is underscored by the observed rates of exploitation and the potential for significant disruption and compromise.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-23113 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
FortiSwitchManager <= 7.2.3
FortiSwitchManager <= 7.0.3
FortiOS <= 7.4.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Help Net Security CVE-2024-23113Fortinet releases patches for undisclosed critical FortiManager vulnerability - Help Net Security
Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited.
1 month ago
Help Net Security CVE-2024-2311387,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) - Help Net Security
CISA added CVE-2024-23113 - a vulnerability that allows unauthenticated RCE on unpatched Fortinet FortiGate firewalls - to its KEV catalog.
1 month ago
watchTowr Labs - Blog CVE-2024-23113Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
Today we'd like to share a recent journey into (yet another) SSLVPN appliance vulnerability - a Format String vulnerability, unusually, in Fortinet's FortiGate devices. It affected (before patching) all currently-maintained branches, and recently was highlighted by CISA as being exploited-in-the-wi...
1 month ago
EPSS Score
1% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- ๐ฅ
Vulnerability reached the number 1 worldwide trending spot.
Vulnerability started trending.
- ๐พ
Exploit exists.
Vulnerability published.
First article discovered by wiz.io
Vulnerability Reserved.