FortiOS SSL-VPN/FGFM vulnerability
This live blog contains information regarding a FortiOS SSL-VPN/FGFM vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on February 9, 2024.

T-Update
Update 9 February 2024
16:00 | On the 8th of February 2024, Fortinet published an Advisory describing CVE-2024-21762, an out-of-bounds write in the FortiOS SSL VPN daemon (sslvpnd). It may allow a remote, unauthenticated attacker to execute arbitrary code on the FortiGate via specially crafted requests to the SSL VPN interface.
In a separate Advisory, also published on the 8th of February, Fortinet describes CVE-2024-23113, a format string vulnerability in the FortiOS FortiGate-to-FortiManager (FGFM) daemon (fgfmd). It may likewise allow a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. Its practical impact is expected to be lower, because the FGFM service (TCP/541) is in most deployments only reachable from the management network rather than from the internet; where fgfm is allowed on an internet-facing interface, the exposure is comparable to that of the SSL VPN.
Fortinet reports that these vulnerabilities are already being exploited in the wild; no public exploit code is available at the time of writing. Both vulnerabilities are fixed in the latest software updates for supported versions of FortiOS. Fortinet has also published workarounds for environments that cannot upgrade immediately: disabling SSL VPN entirely for CVE-2024-21762, and removing fgfm access from every interface (restricting TCP/541 to the FortiManager address if it is still needed) for CVE-2024-23113.
Because the vulnerabilities are already being exploited and the affected interfaces are frequently exposed to the internet, these vulnerabilities are critical and must be remediated as soon as possible.
Background
On the 8th of February 2024, Fortinet published two Advisories. The first describes CVE-2024-21762, a remote unauthenticated code execution vulnerability in the FortiOS SSL VPN interface; the second describes CVE-2024-23113, a remote unauthenticated code execution vulnerability in the FortiOS FortiGate-to-FortiManager (FGFM) interface. Both are reported to be exploited in the wild, both are fixed in the latest updates for supported FortiOS versions, and Fortinet has published workarounds for both. See the update of 9 February 2024 above for details.
Risk
Both CVE-2024-21762 and CVE-2024-23113 allow an unauthenticated attacker to execute arbitrary code or commands via specially crafted requests to the SSL-VPN daemon or the FGFM daemon respectively. Both vulnerabilities have a CVSSv3 score of 9.8 on a scale from 0 to 10. A score this close to the maximum is rare and means that the attack is reachable over the network, requires no privileges and no user interaction, and gives the attacker full control over confidentiality, integrity and availability of the device.
Fortinet reports that these vulnerabilities are already being exploited in the wild; no public exploit code is available at the time of writing.
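Before the upgrade is scheduled, a practitioner wants to know which of the two attack surfaces a given FortiGate actually exposes, and what the workaround looks like for that device. The script below is an added example written for this post, not code from Fortinet or from the advisories. It parses a FortiOS configuration dump (the `config` / `edit` / `set` / `next` / `end` grammar of `show full-configuration`), reports every interface that allows `fgfm` (CVE-2024-23113 surface, together with the interface role, so that internet-facing interfaces stand out) and whether SSL-VPN is enabled (CVE-2024-21762 surface), and prints the CLI for the vendor workarounds: removing `fgfm` from `allowaccess`, and `set status disable` under `config vpn ssl settings`. The embedded configuration is constructed for the example; the attribute names used (`allowaccess`, `role`, `status`, `port`, `source-interface`) are taken from the FortiOS CLI and a missing `status` is assumed to mean SSL-VPN is enabled, which you should verify on your own firmware branch.

```python
"""Audit a FortiOS config dump for SSL-VPN and FGFM exposure and emit the
vendor workaround CLI. Added example; not Fortinet code."""
from __future__ import annotations

import shlex
from dataclasses import dataclass


def parse_fortios_config(text: str) -> dict:
    """Parse FortiOS CLI config text into nested dicts.

    'config a b' and 'edit "x"' open a nested table, 'set k v...' stores the
    value list under k, 'unset k' removes it, 'next'/'end' close the table.
    Lines starting with '#' (the #config-version header, comments) are skipped.
    """
    root: dict = {}
    stack: list[dict] = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        keyword, args = tokens[0], tokens[1:]
        if keyword == "config":
            stack.append(stack[-1].setdefault(" ".join(args), {}))
        elif keyword == "edit":
            stack.append(stack[-1].setdefault(args[0], {}))
        elif keyword == "set":
            stack[-1][args[0]] = args[1:]
        elif keyword == "unset":
            stack[-1].pop(args[0], None)
        elif keyword in ("next", "end") and len(stack) > 1:
            stack.pop()
    return root


@dataclass
class Finding:
    cve: str
    subject: str
    detail: str
    remediation: str  # FortiOS CLI that applies the vendor workaround


def audit_exposure(cfg: dict) -> list[Finding]:
    findings: list[Finding] = []

    # CVE-2024-23113 surface: fgfm in allowaccess. Workaround is to remove it
    # from every interface (and, if FortiManager is still required, restrict
    # TCP/541 to the FortiManager address with a local-in policy).
    for name, iface in cfg.get("system interface", {}).items():
        access = iface.get("allowaccess", [])
        if "fgfm" not in access:
            continue
        keep = [a for a in access if a != "fgfm"]
        role = iface.get("role", ["undefined"])[0]
        set_line = f"set allowaccess {' '.join(keep)}" if keep else "unset allowaccess"
        findings.append(Finding(
            cve="CVE-2024-23113",
            subject=f"interface {name} (role {role})",
            detail="fgfm listed in allowaccess",
            remediation=(
                "config system interface\n"
                f'    edit "{name}"\n'
                f"        {set_line}\n"
                "    next\n"
                "end"
            ),
        ))

    # CVE-2024-21762 surface: SSL-VPN enabled. The vendor workaround is to
    # disable SSL-VPN entirely (disabling web mode alone does not remove the
    # vulnerable daemon). Assumption: a missing 'status' means enabled.
    ssl = cfg.get("vpn ssl settings", {})
    if ssl.get("status", ["enable"])[0] == "enable":
        port = ssl.get("port", ["443"])[0]
        ifaces = ", ".join(ssl.get("source-interface", [])) or "unspecified interfaces"
        findings.append(Finding(
            cve="CVE-2024-21762",
            subject="vpn ssl settings",
            detail=f"SSL-VPN enabled on port {port} via {ifaces}",
            remediation="config vpn ssl settings\n    set status disable\nend",
        ))
    return findings


# Constructed sample dump, not taken from a real device.
SAMPLE_CONFIG = """\
#config-version=FGT100F-7.2.5-FW-build1517-230417:opmode=0:vdom=0
config system interface
    edit "wan1"
        set vdom "root"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh fgfm
        set role wan
    next
    edit "port2"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh
        set role lan
    next
end
config vpn ssl settings
    set status enable
    set port 10443
    set source-interface "wan1"
end
"""

if __name__ == "__main__":
    for f in audit_exposure(parse_fortios_config(SAMPLE_CONFIG)):
        print(f"[{f.cve}] {f.subject}: {f.detail}\n{f.remediation}\n")
```

Run it against the saved output of `show full-configuration` from each FortiGate (and each VDOM); an interface with role `wan` and `fgfm` in `allowaccess` is the case where the FGFM flaw is as exposed as the SSL-VPN one. The printed CLI is the workaround only; the upgrade to a fixed FortiOS build remains the actual fix.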
Advice
Vulnerability CVE-2024-21762 in the FortiOS SSL VPN interface exists in the following versions and can be solved by upgrading to the given versions:
Sources
