{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-059.pdf"
    },
    "title": "Vulnerability in FortiOS",
    "serial_number": "2024-059",
    "publish_date": "17-06-2024 07:37:54",
    "description": "On June 12, 2024, Fortinet disclosed a high-severity vulnerability identified as CVE-2024-23110 affecting FortiOS. This vulnerability allows an authenticated attacker to execute unauthorised code or commands via specially crafted command line arguments. The issue arises from multiple stack-based buffer overflow security defects in the command line interpreter.<br>\nNo proof of concept is currently available; nevertheless, CERT-EU strongly recommends patching affected products as soon as possible.<br>\n",
    "url_title": "2024-059",
    "content_markdown": "---\ntitle: 'Vulnerability in FortiOS'\nnumber: '2024-059'\nversion: '1.0'\noriginal_date: 'June 12, 2024'\ndate: 'June 17, 2024'\n---\n\n_History:_\n\n* _17/06/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn June 12, 2024, Fortinet disclosed a high-severity vulnerability identified as **CVE-2024-23110** affecting FortiOS. This vulnerability allows an authenticated attacker to execute unauthorised code or commands via specially crafted command line arguments. The issue arises from multiple stack-based buffer overflow security defects in the command line interpreter.\n\nNo proof of concept is currently available; nevertheless, CERT-EU strongly recommends patching affected products as soon as possible.\n\n# Technical details\n\n**CVE-2024-23110**, with a CVSS score of 7.4, impacts FortiOS versions 6.x and 7.x. Exploitation may enable an authenticated attacker to execute unauthorised code or commands through specially crafted command line arguments.\n\n# Affected Products\n\nThe following FortiOS versions are affected:\n\n- 6.x before 6.2.16\n- 6.x before 6.4.15\n- 7.x before 7.0.14\n- 7.x before 7.2.7\n- 7.x before 7.4.3\n\n# Recommendations\n\nIt is strongly recommended to update to the following fixed versions:\n\n- FortiOS 6.2.16\n- FortiOS 6.4.15\n- FortiOS 7.0.14\n- FortiOS 7.2.7\n- FortiOS 7.4.3\n\n# References\n\n[1] <https://www.fortiguard.com/psirt/FG-IR-23-460>\n\n[2] <https://www.securityweek.com/fortinet-patches-code-execution-vulnerability-in-fortios/>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>17/06/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On June 12, 2024, Fortinet disclosed a high-severity vulnerability identified as <strong>CVE-2024-23110</strong> affecting FortiOS. This vulnerability allows an authenticated attacker to execute unauthorised code or commands via specially crafted command line arguments. The issue arises from multiple stack-based buffer overflow security defects in the command line interpreter.</p><p>No proof of concept is currently available; nevertheless, CERT-EU strongly recommends patching affected products as soon as possible.</p><h2 id=\"technical-details\">Technical details</h2><p><strong>CVE-2024-23110</strong>, with a CVSS score of 7.4, impacts FortiOS versions 6.x and 7.x. Exploitation may enable an authenticated attacker to execute unauthorised code or commands through specially crafted command line arguments.</p><h2 id=\"affected-products\">Affected Products</h2><p>The following FortiOS versions are affected:</p><ul><li>6.x before 6.2.16</li><li>6.x before 6.4.15</li><li>7.x before 7.0.14</li><li>7.x before 7.2.7</li><li>7.x before 7.4.3</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is strongly recommended to update to the following fixed versions:</p><ul><li>FortiOS 6.2.16</li><li>FortiOS 6.4.15</li><li>FortiOS 7.0.14</li><li>FortiOS 7.2.7</li><li>FortiOS 7.4.3</li></ul><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.fortiguard.com/psirt/FG-IR-23-460\">https://www.fortiguard.com/psirt/FG-IR-23-460</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.securityweek.com/fortinet-patches-code-execution-vulnerability-in-fortios/\">https://www.securityweek.com/fortinet-patches-code-execution-vulnerability-in-fortios/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}