Multiple RCE vulnerabilities affecting Fortinet products

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

3:00pm, 9 February 2024

TLP Rating: Clear

UPDATED: 14/02/24

Fortinet has released advisories for two new vulnerabilities impacting FortiOS, FortiProxy, FortiPAM and FortiSwitchManager devices. 

The vulnerabilities, tracked as CVE-2024-21762 and CVE-2024-23113, may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

Fortinet has indicated CVE-2024-21762 is potentially being exploited in the wild.

What to look for

How to tell if you're at risk

CVE-2024-21762 affects the following products.

FortiOS versions:

  • 7.4.0 through 7.4.2
  • 7.2.0 through 7.2.6
  • 7.0.0 through 7.0.13
  • 6.4.0 through 6.4.14
  • 6.2.0 through 6.2.15
  • 6.0 all versions

FortiProxy versions:

  • 7.4.0 through 7.4.2
  • 7.2.0 through 7.2.8
  • 7.0.0 through 7.0.14
  • 2.0.0 through 2.0.13
  • 1.2 all versions
  • 1.1 all versions
  • 1.0 all versions

CVE-2024-23113 affects the following products.

FortiOS versions:

  • 7.4.0 through 7.4.2
  • 7.2.0 through 7.2.6
  • 7.0.0 through 7.0.13

FortiPAM versions:

  • 1.2.0
  • 1.1.0 through 1.1.2

FortiProxy versions:

  • 7.4.0 through 7.4.2
  • 7.2.0 through 7.2.8
  • 7.0.0 through 7.0.14

FortiSwitchManager versions:

  • 7.2.0 through 7.2.3
  • 7.0.0 through 7.0.3

Note: Version 7.6 is not affected by either vulnerability.
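As an added example (not Fortinet's or CERT NZ's tooling), the following Python check maps a product name and firmware version string against the ranges listed above and reports which of the two CVEs apply to it; the accepted "v7.0.12,build0523" input form is an assumption about how the version appears in FortiOS "get system status" output.

```python
import re
# Inclusive (lowest, highest) version ranges per CVE and product, transcribed
# from the lists above. An upper bound of None means "all versions" of the
# branch given as the lower bound (e.g. FortiOS 6.0.x).
AFFECTED = {
    "CVE-2024-21762": {
        "FortiOS": [((7, 4, 0), (7, 4, 2)), ((7, 2, 0), (7, 2, 6)),
                    ((7, 0, 0), (7, 0, 13)), ((6, 4, 0), (6, 4, 14)),
                    ((6, 2, 0), (6, 2, 15)), ((6, 0), None)],
        "FortiProxy": [((7, 4, 0), (7, 4, 2)), ((7, 2, 0), (7, 2, 8)),
                       ((7, 0, 0), (7, 0, 14)), ((2, 0, 0), (2, 0, 13)),
                       ((1, 2), None), ((1, 1), None), ((1, 0), None)],
    },
    "CVE-2024-23113": {
        "FortiOS": [((7, 4, 0), (7, 4, 2)), ((7, 2, 0), (7, 2, 6)),
                    ((7, 0, 0), (7, 0, 13))],
        "FortiPAM": [((1, 2, 0), (1, 2, 0)), ((1, 1, 0), (1, 1, 2))],
        "FortiProxy": [((7, 4, 0), (7, 4, 2)), ((7, 2, 0), (7, 2, 8)),
                       ((7, 0, 0), (7, 0, 14))],
        "FortiSwitchManager": [((7, 2, 0), (7, 2, 3)), ((7, 0, 0), (7, 0, 3))],
    },
}

def parse_version(text):
    """'v7.0.12,build0523' or '7.0.12' -> (7, 0, 12); '7.4' -> (7, 4, 0).
    The optional 'v' and ',build...' mirror 'get system status' output (assumed
    format); anything that is not dotted integers is rejected, not guessed."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+){0,2})", text.strip().split(",")[0])
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))

def in_range(version, low, high):
    if high is None:                  # whole branch: (6, 0) matches 6.0.*
        return version[:len(low)] == low
    return low <= version <= high     # tuple comparison is lexicographic

def affected_cves(product, version_text):
    """CVEs from this advisory whose listed ranges cover product/version."""
    version = parse_version(version_text)
    return [cve for cve, products in AFFECTED.items()
            if any(in_range(version, lo, hi) for lo, hi in products.get(product, []))]

if __name__ == "__main__":
    # Constructed inventory for demonstration, not real devices.
    for product, ver in [("FortiOS", "v7.0.12,build0523"), ("FortiOS", "7.6.0"),
                         ("FortiProxy", "1.2.9"), ("FortiSwitchManager", "7.2.3")]:
        print(f"{product} {ver}: {affected_cves(product, ver) or 'not listed'}")
```

A version that falls outside every listed range (including 7.6, per the note above) returns an empty list; re-check against Fortinet's advisory pages before treating that as confirmation that a device is unaffected.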

What to do

Prevention

Fortinet recommends updating to the latest versions available. Please check their advisory page for further details.

Mitigation

Fortinet lists disabling SSL VPN as a workaround specifically for CVE-2024-21762.

For CVE-2024-23113, Fortinet has advised removing FGFM (FortiGate to FortiManager protocol) access, or restricting FGFM access on each interface. More details are available on their advisory page.

More information

Further details can be found on the official Fortinet website:

CVE-2024-21762 | FortiGuard

CVE-2024-23113 | FortiGuard

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ