Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution
Key Information
- Vendor
- Fortinet
- Status
- FortiSwitchManager
- FortiOS
- FortiPAM
- FortiProxy
- Vendor
- CVE Published:
- 15 February 2024
Badges
Summary
The CVE-2024-23113 vulnerability in Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager products is being actively exploited in the wild, with information from the CISA and Wiz researchers confirming this. The vulnerability allows unauthorized code execution via specially crafted packets, impacting a wide range of FortiOS versions. The potential impact is significant, leading to remote code or command execution by an unauthenticated attacker. The recommended mitigation is to upgrade or migrate to a fixed release, with specific versions provided for each affected product. Additionally, workarounds are available to mitigate the risk while waiting to apply the patch. The urgency of addressing this vulnerability is underscored by the observed rates of exploitation and the potential for significant disruption and compromise.
Affected Version(s)
FortiSwitchManager <= 7.2.3
FortiSwitchManager <= 7.0.3
FortiOS <= 7.4.2
News Articles
CISA warns Fortinet zero-day vulnerability under attack | TechTarget
Fortinet issued advisories for two critical zero-day vulnerabilities, but said one is 'potentially' under attack.
7 months ago
New FortiOS Critical Vulnerabilities Exploited In-The-Wild | Wiz Blog
Detect and mitigate CVE-2024-21762 and CVE-2024-23113, critical RCE vulnerabilities in FortiOS being exploited in-the-wild. Organizations should patch urgently
7 months ago
CVSS V3.1
Timeline
- 👾
Exploit exists.
Vulnerability published.
First article discovered by wiz.io
Vulnerability Reserved.