March 13, 2024 at 02:48PM
Fortinet patched a critical remote code execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) software, impacting versions 7.0 and 7.2. The company also fixed an out-of-bounds write weakness in FortiOS and FortiProxy captive portal, as well as other high-severity flaws. A prior RCE bug was disclosed, potentially exploited in the wild.
The key points are:
1. Fortinet patched a critical vulnerability (CVE-2023-48788) in its FortiClient Enterprise Management Server (EMS) software, allowing unauthenticated attackers to gain remote code execution (RCE) on vulnerable servers.
2. The CVE-2023-48788 vulnerability was discovered and reported by the UK’s National Cyber Security Centre (NCSC) and Fortinet developer Thiago Santana. It impacts FortiClient EMS versions 7.0 (7.0.1 through 7.0.10) and 7.2 (7.2.0 through 7.2.2).
3. Horizon3’s Attack Team confirmed the bug’s critical severity and will publish proof-of-concept exploit code and a technical deep-dive next week.
4. Additionally, another critical out-of-bounds write weakness (CVE-2023-42789) in the FortiOS and FortiProxy captive portal was fixed, which could allow an unauthenticated “inside attacker” to remotely execute unauthorized code or commands on unpatched devices.
5. Two other high-severity flaws were patched: an improper access control (CVE-2023-36554) in FortiWLM MEA for FortiManager and a CSV injection (CVE-2023-47534) in FortiClient EMS.
6. Fortinet had previously disclosed a critical RCE bug (CVE-2024-21762) in the FortiOS operating system and the FortiProxy secure web proxy, which was potentially being exploited in the wild.
7. CISA confirmed the active exploitation of CVE-2024-21762 and ordered federal agencies to secure their FortiOS and FortiProxy devices within seven days.
These points highlight critical vulnerabilities and the active exploitation of Fortinet flaws, emphasizing the urgent need for prompt patching and mitigation.