October 14, 2024 at 08:36AM
Over 86,000 Fortinet instances remain vulnerable to a critical flaw (CVE-2024-23113) actively exploited since last week, mainly in Asia. The vulnerability, with a high severity rating, affects various Fortinet products and requires urgent updates or mitigations as recommended by Fortinet to ensure security against potential exploits.
### Meeting Takeaways: Fortinet Vulnerability Update
1. **Vulnerability Overview**:
– A critical vulnerability, CVE-2024-23113, affects over 86,000 Fortinet instances globally, with the current count at 86,602 down from 87,930.
2. **Geographic Distribution**:
– Most vulnerable instances are located in:
– Asia: 38,778
– North America: 21,262
– Europe: 16,381
3. **Exploitation Timeline**:
– Initially disclosed in February, the vulnerability has only recently attracted attacker interest, as noted by the US CISA adding it to the Known Exploited Vulnerabilities (KEV) catalog following active exploitation reports.
4. **CISA Guidelines**:
– Agencies must address the vulnerability within 21 days:
– Upgrade to a secure version or disconnect impacted devices until fixes are in place.
5. **Severity and Impact**:
– CVE-2024-23113 has a CVSS v3 severity rating of 9.8, indicating high risk:
– Potential impact on data confidentiality, system integrity, and service availability.
– Does not require user interaction or privileges for exploitation.
6. **Affected Systems**:
– Vulnerable systems include various versions of FortiOS, FortiPAM, FortiProxy, and FortiWeb.
7. **Recommended Actions**:
– Administrators should:
– Upgrade to unaffected releases.
– Implement mitigations as per Fortinet’s advisory, which includes removing the fgfm daemon access for vulnerable interfaces (note: this could hinder FortiManager’s ability to discover FortiGate devices).
8. **Uncertainty Regarding Ransomware**:
– The role of this vulnerability in ransomware attacks remains unclear.
### Action Items:
– Ensure all relevant parties are informed of the vulnerability and its implications.
– Monitor progress on the compliance of guidelines from CISA within the 21-day period.
– Conduct a review of current system versions and implement upgrades or mitigations as necessary.