CVE-2024-21762 and CVE-2024-23113 are critical vulnerabilities in Fortinet's FortiOS and FortiProxy, with CVSS scores of 9.6 and 9.8 respectively. Both could allow a remote, unauthenticated attacker to execute arbitrary code or commands, and CVE-2024-21762 is reportedly being exploited in the wild. Fortinet guidance recommends upgrading FortiOS instances to patched versions as soon as possible. Wiz customers can use the pre-built query and advisory in the Wiz Threat Center to search for vulnerable instances in their environment.
CVE-2024-21762, rated with a CVSS score of 9.6, stems from improper parameter validation in the FortiOS SSL-VPN component. A remote, unauthenticated attacker can trigger it with specially crafted HTTP requests, causing bytes to be copied past the end of a buffer (an out-of-bounds write). The resulting memory corruption can redirect process control flow and potentially allow execution of arbitrary code or commands.
Similarly, CVE-2024-23113, carrying a CVSS score of 9.8, is attributed to a format string vulnerability found in the FortiOS fgfmd daemon. This flaw could enable a remote attacker, without any authentication, to execute arbitrary code or commands by sending specifically tailored requests. Note that this vulnerability only affects more recent product versions (dating back to March 2022).
Fortinet's advisory states that CVE-2024-21762 is "potentially being exploited in the wild." CISA subsequently added CVE-2024-21762 to its Known Exploited Vulnerabilities (KEV) catalog, noting that "these types of vulnerabilities are frequent attack vectors for malicious cyber actors."
Based on Wiz data, 8% of cloud environments have resources vulnerable to CVE-2024-21762 or CVE-2024-23113, while 5% have publicly exposed instances.
Affected versions and remediation for CVE-2024-23113 (the fgfmd format string vulnerability; this is the advisory table that also covers FortiPAM):

| Product | Affected version | Remediation |
|---|---|---|
| FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
| FortiPAM 1.2 | 1.2.0 | Upgrade to 1.2.1 or above |
| FortiPAM 1.1 | 1.1.0 through 1.1.2 | Upgrade to 1.1.3 or above |
| FortiPAM 1.0 | 1.0 all versions | Migrate to a fixed release |
| FortiProxy 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiProxy 7.2 | 7.2.0 through 7.2.8 | Upgrade to 7.2.9 or above |
| FortiProxy 7.0 | 7.0.0 through 7.0.14 | Upgrade to 7.0.16 or above |
Affected versions and remediation for CVE-2024-21762 (the SSL-VPN out-of-bounds write; this table also covers the older FortiOS 6.x and FortiProxy 2.0 and 1.x branches):

| Product | Affected version | Remediation |
|---|---|---|
| FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiOS 6.2 | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above |
| FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiProxy 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiProxy 7.2 | 7.2.0 through 7.2.8 | Upgrade to 7.2.9 or above |
| FortiProxy 7.0 | 7.0.0 through 7.0.14 | Upgrade to 7.0.15 or above |
| FortiProxy 2.0 | 2.0.0 through 2.0.13 | Upgrade to 2.0.14 or above |
| FortiProxy 1.2 | 1.2 all versions | Migrate to a fixed release |
| FortiProxy 1.1 | 1.1 all versions | Migrate to a fixed release |
| FortiProxy 1.0 | 1.0 all versions | Migrate to a fixed release |
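To turn the two tables into an inventory check, the following is an added example (not code from Wiz or Fortinet) that transcribes the affected ranges above into data and classifies a reported build against them; product names and the x.y.z version format are assumptions, and a branch not listed in the tables is treated as not affected.

```python
# Added example: affected ranges transcribed from the two remediation tables.
# Each entry: (product, (major, minor), last affected patch level or None for
# "all versions", fixed release or None when the branch has no fix).
AFFECTED = {
    "CVE-2024-21762": [  # SSL-VPN out-of-bounds write
        ("FortiOS", (7, 4), 2, "7.4.3"), ("FortiOS", (7, 2), 6, "7.2.7"),
        ("FortiOS", (7, 0), 13, "7.0.14"), ("FortiOS", (6, 4), 14, "6.4.15"),
        ("FortiOS", (6, 2), 15, "6.2.16"), ("FortiOS", (6, 0), None, None),
        ("FortiProxy", (7, 4), 2, "7.4.3"), ("FortiProxy", (7, 2), 8, "7.2.9"),
        ("FortiProxy", (7, 0), 14, "7.0.15"), ("FortiProxy", (2, 0), 13, "2.0.14"),
        ("FortiProxy", (1, 2), None, None), ("FortiProxy", (1, 1), None, None),
        ("FortiProxy", (1, 0), None, None),
    ],
    "CVE-2024-23113": [  # fgfmd format string
        ("FortiOS", (7, 4), 2, "7.4.3"), ("FortiOS", (7, 2), 6, "7.2.7"),
        ("FortiOS", (7, 0), 13, "7.0.14"),
        ("FortiPAM", (1, 2), 0, "1.2.1"), ("FortiPAM", (1, 1), 2, "1.1.3"),
        ("FortiPAM", (1, 0), None, None),
        ("FortiProxy", (7, 4), 2, "7.4.3"), ("FortiProxy", (7, 2), 8, "7.2.9"),
        ("FortiProxy", (7, 0), 14, "7.0.16"),
    ],
}


def parse_version(version: str) -> tuple:
    """Turn '7.2' or '7.2.6' into (major, minor, patch); missing parts are 0."""
    parts = [int(p) for p in version.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def check(product: str, version: str) -> dict:
    """Map each CVE whose affected range covers this build to its remediation.

    Returns an empty dict when the build is outside every affected range
    (unlisted branches, and patch levels past the last affected one).
    """
    major, minor, patch = parse_version(version)
    findings = {}
    for cve, ranges in AFFECTED.items():
        for prod, branch, last_patch, fixed in ranges:
            if prod != product or (major, minor) != branch:
                continue
            if last_patch is None or patch <= last_patch:
                findings[cve] = (f"Upgrade to {fixed} or above" if fixed
                                 else "Migrate to a fixed release")
    return findings
```

Feed it the product and version strings from your asset inventory; a build that matches only one CVE (for example FortiOS 6.4.x, or any FortiPAM release) is reported with just that CVE's remediation.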
If you are unable to patch affected instances, it is possible to mitigate CVE-2024-21762 by disabling SSL VPN as a workaround.
If you are unable to patch affected instances, it is possible to mitigate CVE-2024-23113 by removing FGFM access for each interface, as described in Fortinet's advisory (this will prevent FortiGate discovery from FortiManager, but connections from the FortiGate will still work).