Alert - Vulnerabilities impacting Fortinet FortiOS

From: Canadian Centre for Cyber Security

Number: AL24-003
Date: February 9, 2024

Audience

This Alert is intended for IT professionals and managers.

Purpose

An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details

On February 8, 2024, the Cyber Centre became aware of vulnerabilities impacting multiple versions of Fortinet FortiOS. In response to this advisory the Cyber Centre released advisory AV24-074 on February 9, 2024Footnote 1.

Fortinet reports that CVE-2024-21762 is an out-of-bounds write vulnerability in SSL VPN that may allow a remote unauthenticated threat actor to execute arbitrary code and commands via specially crafted HTTP requestFootnote 2. Fortinet has indicated that CVE-2024-21762 may have been exploited in the wild. 

A second significant vulnerability (CVE-2024-23113) was reported which is a format string bug within the FortiOS FortiGate to FortiManager (fgfmd) protocol.  The vulnerability may allow a remote, unauthenticated threat actor to execute arbitrary code or commands via specially crafted requestsFootnote 3. Fortinet has not indicated that this vulnerability has been exploited.

On February 9, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) updated their Known Exploited Vulnerabilities (KEV) Catalog in response to the Fortinet FortiOS out-of-bound write vulnerability CVE-2024-21762Footnote 4.

Suggested actions

Fortinet recommends as a temporary workaround, to disable the SSL-VPN service until patching can be completed for CVE-2024-21762Footnote 2.

In regard to CVE-2024-23113, Fortinet also recommends that organizations consider whether there is a need to expose the fgfm daemon (port 541) to the internet for inbound connections, until patching can be completedFootnote 3.

The Cyber Centre strongly recommends that organizations determine if any Fortinet devices need to be patched to remediate these vulnerabilities.

Version:

  • FortiOS 7.6 - Affected: Not affected - Solution: Not Applicable
  • FortiOS 7.4 - Affected: 7.4.0 to 7.4.2 - Solution: Upgrade to 7.4.3 or above
  • FortiOS 7.2 - Affected: 7.2.0 to 7.2.6 - Solution: Upgrade to 7.2.7 or above
  • FortiOS 7.0 - Affected: 7.0.0 to 7.0.13 - Solution: Upgrade to 7.0.14 or above
  • FortiOS 6.4 - Affected: 6.4.0 to 6.4.14 - Solution: Upgrade to 6.4.15 or above
  • FortiOS 6.2 - Affected: 6.2.0 to 6.2.15 - Solution: Upgrade to 6.2.16 or above
  • FortiOS 6.0 - Affected: 6.0 all versions - Solution: Migrate to a fixed release

Organizations should also review and implement the Cyber Centre’s Top 10 IT Security Actions Footnote 5 with an emphasis on the following topics:

  • Consolidating, monitoring, and defending Internet gateways.
  • Patching operating systems and applications.
  • Isolate web-facing applications

Should activity matching the content of this alert be discovered, recipients are encouraged to report via the My Cyber Portal, or email contact@cyber.gc.ca.

Partner Reporting

ACSC - Critical Vulnerability in FortiOS 

NCSC-NZ - Cyber Security Alert: CVEs affecting FortiOS SSL VPN

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: