{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-018.pdf"
    },
    "title": "Critical Vulnerabilities in FortiOS",
    "serial_number": "2024-018",
    "publish_date": "09-02-2024 08:56:16",
    "description": "On February 9, 2024, Fortinet released an advisory regarding critical vulnerabilities affecting FortiOS that, if exploited, would allow a remote and unauthenticated attacker to execute code on the affected device.<br>\nOne of the critical vulnerabilities is potentially being exploited in the wild. It is recommended to update as soon as possible.<br>\n",
    "url_title": "2024-018",
    "content_markdown": "---\ntitle: 'Critical Vulnerabilities in FortiOS'\nnumber: '2024-018'\nversion: '1.0'\noriginal_date: 'February 9, 2024'\ndate: 'February 9, 2024'\n---\n\n_History:_\n\n* _09/02/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn February 9, 2024, Fortinet released an advisory regarding critical vulnerabilities affecting FortiOS that, if exploited, would allow a remote and unauthenticated attacker to execute code on the affected device.\n\nOne of the critical vulnerabilities is potentially being exploited in the wild. It is recommended to update as soon as possible.\n\n# Technical Details\n\nThe vulnerability **CVE-2024-21762** [1], with a CVSS score of 9.8, is an out-of-bounds write caused by incorrect parameter checks in the FortiOS SSL-VPN component. A remote and unauthenticated attacker can trigger it with crafted HTTP requests, causing a limited number of bytes to be copied outside the bounds of a buffer; the resulting memory corruption can be used to redirect control flow and execute arbitrary code or commands on the device.\n\nThe vulnerability **CVE-2024-23113** [2], with a CVSS score of 9.8, is an externally controlled format string vulnerability in the FortiOS fgfmd daemon. It may allow a remote and unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.\n\n# Affected Products\n\nThe following product versions are affected:\n\n- FortiOS version 7.4.0 through 7.4.2;\n- FortiOS version 7.2.0 through 7.2.6;\n- FortiOS version 7.0.0 through 7.0.13;\n- FortiOS version 6.4.0 through 6.4.14;\n- FortiOS version 6.2.0 through 6.2.15;\n- FortiOS 6.0 all versions (only affected by CVE-2024-21762).\n\n# Recommendations\n\nCERT-EU recommends updating or upgrading to a non-vulnerable version of the product as soon as possible.\n\n# References\n\n[1] <https://www.fortiguard.com/psirt/FG-IR-24-015>\n\n[2] <https://www.fortiguard.com/psirt/FG-IR-24-029>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>09/02/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On February 9, 2024, Fortinet released an advisory regarding critical vulnerabilities affecting FortiOS that, if exploited, would allow a remote and unauthenticated attacker to execute code on the affected device.</p><p>One of the critical vulnerabilities is potentially being exploited in the wild. It is recommended to update as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2024-21762</strong> [1], with a CVSS score of 9.8, is an out-of-bounds write caused by incorrect parameter checks in the FortiOS SSL-VPN component. A remote and unauthenticated attacker can trigger it with crafted HTTP requests, causing a limited number of bytes to be copied outside the bounds of a buffer; the resulting memory corruption can be used to redirect control flow and execute arbitrary code or commands on the device.</p><p>The vulnerability <strong>CVE-2024-23113</strong> [2], with a CVSS score of 9.8, is an externally controlled format string vulnerability in the FortiOS fgfmd daemon. It may allow a remote and unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.</p><h2 id=\"affected-products\">Affected Products</h2><p>The following product versions are affected:</p><ul><li>FortiOS version 7.4.0 through 7.4.2;</li><li>FortiOS version 7.2.0 through 7.2.6;</li><li>FortiOS version 7.0.0 through 7.0.13;</li><li>FortiOS version 6.4.0 through 6.4.14;</li><li>FortiOS version 6.2.0 through 6.2.15;</li><li>FortiOS 6.0 all versions (only affected by CVE-2024-21762).</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends updating or upgrading to a non-vulnerable version of the product as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.fortiguard.com/psirt/FG-IR-24-015\">https://www.fortiguard.com/psirt/FG-IR-24-015</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.fortiguard.com/psirt/FG-IR-24-029\">https://www.fortiguard.com/psirt/FG-IR-24-029</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}