4:30pm, 17 October 2024
RCE vulnerability affecting Fortinet products
An externally controlled format string vulnerability in the affected Fortinet products allows a remote, unauthenticated attacker to execute unauthorized code or commands by sending specially crafted packets. The vulnerability is tracked as CVE-2024-23113.
For most products an upgrade to the latest version is required.
What's happening
Systems affected
FortiOS
- 7.4.0 through 7.4.2
- 7.2.0 through 7.2.6
- 7.0.0 through 7.0.13
FortiProxy
- 7.4.0 through 7.4.2
- 7.2.0 through 7.2.8
- 7.0.0 through 7.0.15
FortiPAM
- 1.2.x
- 1.1.x
- 1.0.x
FortiWeb
- 7.4.0 through 7.4.2
What this means
The listed Fortinet products are vulnerable to CVE-2024-23113, which is reported to be under active exploitation.
Note: FortiOS 6.x and FortiPAM 1.3 are not affected.
What to look for
How to tell if you're at risk
You are at risk if you are running any of the listed products at a version within the affected ranges above. On FortiOS the running version is shown by get system status, and an interface is exposed to the vulnerable service when fgfm appears in its allowaccess list (see Mitigation below).
What to do
Prevention
FortiOS products need to be upgraded to:
- FortiOS 7.4.3 or above
- FortiOS 7.2.7 or above
- FortiOS 7.0.14 or above
FortiPAM 1.0, 1.1 and 1.2 need to be migrated to a fixed release (FortiPAM 1.3 is not affected).
FortiProxy products need to be upgraded to:
- FortiProxy 7.4.3 or above
- FortiProxy 7.2.9 or above
- FortiProxy 7.0.16 or above
FortiWeb 7.4 needs to be upgraded to 7.4.3 or above.
Mitigation
For each interface that has fgfm enabled, remove fgfm from its allowaccess list. For example, change:
config system interface
    edit "portX"
        set allowaccess ping https ssh fgfm
    next
end
to:
config system interface
    edit "portX"
        set allowaccess ping https ssh
    next
end
This closes the FortiGate-to-FortiManager (fgfm) service, which is the vulnerable component, on that interface. It will prevent FortiGate discovery from FortiManager on that interface; the FortiGate can still initiate the connection to FortiManager itself. Apply the change on every interface that lists fgfm, not only internet-facing ones. This is a mitigation, not a fix: the upgrade described under Prevention is still required.
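As an added example (not from this CERT NZ page or from Fortinet), the following Python script encodes the affected ranges listed above as half-open intervals whose upper bound is the first unaffected release, extracts the running version from a string such as the output of get system status, and walks a config system interface block to list the interfaces whose allowaccess includes fgfm and to emit the same block with fgfm removed, as the mitigation describes. The sample status line and configuration are constructed for the example; the use of unset allowaccess for an interface left with no services is an assumption about the FortiOS CLI.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

Version = Tuple[int, int, int]

# Affected ranges from this advisory as half-open intervals [first affected, first unaffected).
# The upper bound is the release to move to. FortiPAM 1.0-1.2 have no fixed build in their
# own branch (Fortinet says to migrate), so the unaffected 1.3.0 is used as the bound.
AFFECTED: Dict[str, List[Tuple[Version, Version]]] = {
    "FortiOS": [((7, 4, 0), (7, 4, 3)), ((7, 2, 0), (7, 2, 7)), ((7, 0, 0), (7, 0, 14))],
    "FortiProxy": [((7, 4, 0), (7, 4, 3)), ((7, 2, 0), (7, 2, 9)), ((7, 0, 0), (7, 0, 16))],
    "FortiPAM": [((1, 0, 0), (1, 3, 0))],
    "FortiWeb": [((7, 4, 0), (7, 4, 3))],
}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract major.minor.patch from a bare version or a 'get system status' line."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def check_version(product: str, text: str) -> Optional[Version]:
    """Return the first unaffected release if (product, version) falls in an affected
    range, else None. Versions outside the ranges on this page (e.g. FortiOS 6.x) are
    reported as not affected by this advisory, which is all the table encodes."""
    ver = parse_version(text)
    for low, fixed in AFFECTED.get(product, []):
        if low <= ver < fixed:
            return fixed
    return None


def parse_allowaccess(config: str) -> Dict[str, Set[str]]:
    """Map interface name -> allowaccess services from a 'config system interface' block."""
    services: Dict[str, Set[str]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("edit "):
            current = line[5:].strip().strip('"')
            services.setdefault(current, set())
        elif line.startswith("set allowaccess ") and current is not None:
            services[current] = set(line[len("set allowaccess "):].split())
        elif line == "next":
            current = None
    return services


def interfaces_exposing_fgfm(config: str) -> List[str]:
    """Interfaces on which the vulnerable fgfm service is reachable."""
    return sorted(name for name, svc in parse_allowaccess(config).items() if "fgfm" in svc)


def hardened_allowaccess(config: str) -> str:
    """Emit the same block with fgfm removed from every allowaccess line (the mitigation).
    'unset allowaccess' for an interface left with nothing is an assumption about the CLI."""
    out: List[str] = []
    for raw in config.splitlines():
        stripped = raw.strip()
        if stripped.startswith("set allowaccess "):
            kept = [s for s in stripped.split()[2:] if s != "fgfm"]
            indent = raw[: len(raw) - len(raw.lstrip())]
            out.append(f"{indent}set allowaccess {' '.join(kept)}" if kept
                       else f"{indent}unset allowaccess")
        else:
            out.append(raw)
    return "\n".join(out)


# Constructed sample input (not captured from a real device).
SAMPLE_STATUS = "Version: FortiGate-60F v7.4.2,build2571,240212 (GA.F)"
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh fgfm
    next
    edit "internal"
        set allowaccess ping https ssh http fgfm
    next
    edit "dmz"
        set allowaccess ping
    next
end
"""

if __name__ == "__main__":
    fixed = check_version("FortiOS", SAMPLE_STATUS)
    print("affected, upgrade to %s" % ".".join(map(str, fixed)) if fixed else "not in affected ranges")
    print("interfaces exposing fgfm:", interfaces_exposing_fgfm(SAMPLE_CONFIG))
    print(hardened_allowaccess(SAMPLE_CONFIG))
```

Feed check_version the product name and the raw status line, and parse_allowaccess the output of show system interface; the hardened block can be pasted back into the CLI, but it is still only the mitigation and does not replace the upgrade.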
More information
Fortinet advisory: PSIRT | FortiGuard Labs
Fortinet upgrade path tool: Fortinet Document Library | Upgrade Path Tool
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
Report an incident to CERT NZ