Fortinet Patches Code Execution Vulnerability in FortiOS

June 12, 2024 at 12:45PM

Fortinet has released patches for multiple vulnerabilities in FortiOS, including stack-based buffer overflow flaws leading to unauthorized code execution. The most severe issue, CVE-2024-23110, impacts FortiOS 6.x and 7.x. Other vulnerabilities include CVE-2024-26010, CVE-2023-46720, and CVE-2024-3661. Customers are advised to upgrade to fixed releases to mitigate potential exploitation.

Fortinet has announced patches for multiple vulnerabilities in FortiOS and other products. The most severe issue identified is CVE-2024-23110, which affects FortiOS versions 6.x and 7.x and could allow an authenticated attacker to execute unauthorized code or commands. The bug was addressed with the release of FortiOS 6.2.16, 6.4.15, 7.0.14, 7.2.7, and 7.4.3.

Additionally, there are medium-severity vulnerabilities, such as CVE-2024-26010 and CVE-2023-46720, impacting FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager, which could be exploited for executing arbitrary code or commands. FortiOS versions 7.2.8 and 7.4.4 contain fixes for CVE-2023-46720.
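The two paragraphs above give different fixed releases for different CVEs, so a device on the same branch can be patched for one issue and not the other. The following script is an added example, not Fortinet tooling or code from the original article: it checks FortiOS version strings against the fixed releases quoted on the page (6.2.16, 6.4.15, 7.0.14, 7.2.7, 7.4.3 for CVE-2024-23110; 7.2.8, 7.4.4 for CVE-2023-46720). Branches the page does not list are reported as unknown rather than patched, and the host names, version strings and build number in the sample inventory are constructed.

```python
# Added example: compare FortiOS version strings with the fixed releases listed
# in the advisory summary. Not Fortinet's code; the mapping below is built only
# from the version numbers quoted on the page.
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Minimum fixed build per release branch, per the advisory summary.
# Branches not listed here (e.g. 6.0) are unknown to this script, not "fixed".
FIXED_RELEASES: Dict[str, Dict[Tuple[int, int], Version]] = {
    "CVE-2024-23110": {
        (6, 2): (6, 2, 16),
        (6, 4): (6, 4, 15),
        (7, 0): (7, 0, 14),
        (7, 2): (7, 2, 7),
        (7, 4): (7, 4, 3),
    },
    "CVE-2023-46720": {
        (7, 2): (7, 2, 8),
        (7, 4): (7, 4, 4),
    },
}


def parse_version(text: str) -> Version:
    """Parse '7.2.7', 'v7.2.7' or 'v7.2.7,build0000' into (major, minor, patch)."""
    core = text.strip().lstrip("vV").split(",")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def patch_status(version_text: str, cve: str) -> Optional[bool]:
    """True if the version is at or above the fixed release on its branch,
    False if it is below it, None if the page lists no fix for that branch."""
    version = parse_version(version_text)
    fixed = FIXED_RELEASES[cve].get(version[:2])
    if fixed is None:
        return None
    return version >= fixed


def triage(inventory: Dict[str, str], cve: str) -> Dict[str, str]:
    """Label every device in {host: version} as patched, vulnerable or unknown-branch."""
    labels: Dict[str, str] = {}
    for host, version_text in inventory.items():
        status = patch_status(version_text, cve)
        if status is None:
            labels[host] = "unknown-branch"
        else:
            labels[host] = "patched" if status else "vulnerable"
    return labels


if __name__ == "__main__":
    # Constructed sample inventory: host names, versions and build number are made up.
    sample = {
        "fw-edge-01": "v7.2.7,build0000",  # fixed for CVE-2024-23110, not for CVE-2023-46720
        "fw-dc-02": "7.4.2",               # below both fixed releases on the 7.4 branch
        "fw-lab-03": "6.0.17",             # branch not covered by the page's data
    }
    for cve_id in FIXED_RELEASES:
        print(cve_id, triage(sample, cve_id))
```

The point of the unknown-branch label is that absence from the fixed-release table is not evidence of safety; a branch the advisory summary does not mention still needs to be checked against the vendor's full advisory before it is marked as patched.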

Furthermore, there are vulnerabilities impacting both FortiOS and FortiProxy, allowing attackers to execute JavaScript code or decrypt backup files, as well as SQL injection flaws in FortiPortal and FortiSOAR Event Auth API.

Lastly, Fortinet acknowledged that some of its products are affected by the TunnelVision attack (CVE-2024-3661), which can bypass VPN protections and intercept traffic. Users of FortiClientWindows (SSL-VPN) can mitigate the attack by using ‘Full-Tunnel’ with ‘exclusive-routing’ enabled.

Fortinet reports no known exploitation of these vulnerabilities, but it is noted that threat actors have previously exploited flaws in Fortinet products for which patches had already been released.
