CVE-2024-21762 and CVE-2024-23113: Multiple Critical Vulnerabilities in Fortinet, One Likely Under Active Exploitation


On 8 February 2024, Fortinet’s FortiGuard disclosed two critical vulnerabilities affecting FortiOS. CVE-2024-23113, a format string vulnerability in the FortiGate-to-FortiManager (fgfm) daemon, and CVE-2024-21762, an out-of-bounds write vulnerability in the SSL VPN component, could each allow an unauthenticated remote threat actor to execute arbitrary code or commands. FortiGuard has stated that it is aware of potential exploitation of CVE-2024-21762.

Details of the potential exploitation of CVE-2024-21762 had not been disclosed at the time of writing, and Arctic Wolf has not identified any public proof-of-concept (PoC) exploits for either vulnerability. Several FortiOS vulnerabilities have been exploited in the past, such as the remote code execution (RCE) vulnerability CVE-2023-27997, which was exploited by threat actors in 2023. Given the impact of successful exploitation and the history of attacks against FortiOS, Arctic Wolf anticipates that threat actors will target these vulnerabilities soon.

CVE-2023-34992

Fortinet has also recently patched bypass variants of a critical vulnerability (CVE-2023-34992) disclosed in October 2023. These bypasses, tracked as CVE-2024-23108 and CVE-2024-23109, are critical vulnerabilities that can allow a remote unauthenticated threat actor to execute commands on affected versions of FortiSIEM.

Recommendations for CVE-2024-21762 and CVE-2024-23113

Upgrade To a Fixed Version of FortiOS and FortiSIEM

Arctic Wolf strongly recommends upgrading to the latest patched versions of FortiOS and FortiSIEM to address these vulnerabilities. Below is a table outlining the affected and fixed versions: 

Product    Vulnerability                                    Affected Version        Fixed Version
FortiOS    CVE-2024-23113, CVE-2024-21762                   7.4.0 through 7.4.2     7.4.3 or above
FortiOS    CVE-2024-23113, CVE-2024-21762                   7.2.0 through 7.2.6     7.2.7 or above
FortiOS    CVE-2024-23113, CVE-2024-21762                   7.0.0 through 7.0.13    7.0.14 or above
FortiOS    CVE-2024-21762                                   6.4.0 through 6.4.14    6.4.15 or above
FortiOS    CVE-2024-21762                                   6.2.0 through 6.2.15    6.2.16 or above
FortiOS    CVE-2024-21762                                   6.0 all versions        Migrate to a fixed release
FortiSIEM  CVE-2023-34992, CVE-2024-23108, CVE-2024-23109   7.1.0 through 7.1.1     7.1.2 or above
FortiSIEM  CVE-2023-34992, CVE-2024-23108, CVE-2024-23109   7.0.0 through 7.0.2     7.0.3 or above
FortiSIEM  CVE-2023-34992, CVE-2024-23108, CVE-2024-23109   6.7.0 through 6.7.8     6.7.9 or above
FortiSIEM  CVE-2023-34992, CVE-2024-23108, CVE-2024-23109   6.6.0 through 6.6.3     6.6.5 or above
FortiSIEM  CVE-2023-34992, CVE-2024-23108, CVE-2024-23109   6.5.0 through 6.5.2     6.5.3 or above
FortiSIEM  CVE-2023-34992, CVE-2024-23108, CVE-2024-23109   6.4.0 through 6.4.2     6.4.4 or above
FortiSIEM  CVE-2023-34992, CVE-2024-23108, CVE-2024-23109   Any affected branch     7.2.0 or above

Please follow your organisation’s patching and testing guidelines to avoid any operational impact. 
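Checking a fleet against the table by hand is error-prone, particularly because the affected ranges are inclusive and the 6.0 branch has no fixed release. The script below is an added example, not Arctic Wolf or Fortinet tooling: it encodes the ranges from the table above, parses either a bare version string or the `get system status` output line of a FortiGate, and reports which rows apply. The `get system status` sample string and the versions fed to it are constructed for illustration.

```python
import re
import sys

FSM_CVES = ("CVE-2023-34992", "CVE-2024-23108", "CVE-2024-23109")
FOS_BOTH = ("CVE-2024-23113", "CVE-2024-21762")

# (product, lowest affected, highest affected, fixed release, CVEs)
# Bounds are inclusive, as in the advisory table. hi=None marks a whole
# branch (6.0.x) for which the table lists no fixed release.
AFFECTED = [
    ("FortiOS", "7.4.0", "7.4.2", "7.4.3", FOS_BOTH),
    ("FortiOS", "7.2.0", "7.2.6", "7.2.7", FOS_BOTH),
    ("FortiOS", "7.0.0", "7.0.13", "7.0.14", FOS_BOTH),
    ("FortiOS", "6.4.0", "6.4.14", "6.4.15", ("CVE-2024-21762",)),
    ("FortiOS", "6.2.0", "6.2.15", "6.2.16", ("CVE-2024-21762",)),
    ("FortiOS", "6.0.0", None, "Migrate to a fixed release", ("CVE-2024-21762",)),
    ("FortiSIEM", "7.1.0", "7.1.1", "7.1.2", FSM_CVES),
    ("FortiSIEM", "7.0.0", "7.0.2", "7.0.3", FSM_CVES),
    ("FortiSIEM", "6.7.0", "6.7.8", "6.7.9", FSM_CVES),
    ("FortiSIEM", "6.6.0", "6.6.3", "6.6.5", FSM_CVES),
    ("FortiSIEM", "6.5.0", "6.5.2", "6.5.3", FSM_CVES),
    ("FortiSIEM", "6.4.0", "6.4.2", "6.4.4", FSM_CVES),
]


def parse_version(text):
    """Extract a dotted version as an int tuple from a raw string.

    Accepts a bare '7.0.13' as well as a FortiGate 'get system status' line
    such as 'Version: FortiGate-100F v7.0.13,build0566,231205 (GA.F)'.
    The lookbehind stops the build date or model number from matching.
    """
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def check(product, version_text):
    """Return the table rows that cover this version (empty list = not listed).

    Each finding is {'fixed': <fixed release>, 'cves': <tuple of CVE IDs>}.
    A version above a branch's fixed release, or in a gap the table does not
    name (for example FortiSIEM 6.6.4), yields no finding; the script follows
    the published table literally rather than guessing.
    """
    v = parse_version(version_text)
    findings = []
    for prod, lo, hi, fixed, cves in AFFECTED:
        if prod != product:
            continue
        lo_v = parse_version(lo)
        if hi is None:
            hit = v[:2] == lo_v[:2]          # whole branch affected
        else:
            hit = lo_v <= v <= parse_version(hi)
        if hit:
            findings.append({"fixed": fixed, "cves": cves})
    return findings


if __name__ == "__main__":
    # Usage: python check_forti.py FortiOS "Version: FortiGate-100F v7.0.13,build0566,231205 (GA.F)"
    product, text = sys.argv[1], " ".join(sys.argv[2:])
    for f in check(product, text):
        print(f"{product} {parse_version(text)}: affected by {', '.join(f['cves'])}; fix: {f['fixed']}")
    if not check(product, text):
        print(f"{product} {parse_version(text)}: not in the published affected ranges")
```

The comparison is done on integer tuples rather than strings so that 7.0.13 sorts after 7.0.2; the same tuple comparison is what lets `7.0.14` fall outside the `7.0.0`–`7.0.13` row.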

Workarounds

For organisations that cannot patch immediately, FortiGuard has provided the following workarounds:

Remove fgfm Access

For CVE-2024-23113, a temporary workaround is to remove fgfm from the allowed access methods (allowaccess) on each interface until the system can be patched. For the specific changes, review the FortiGuard advisory for CVE-2024-23113. Note that removing fgfm access prevents FortiManager from discovering the FortiGate, and that a local-in policy restricting fgfm connections to specific source addresses reduces the attack surface but does not prevent exploitation from those addresses.

Disable SSL VPN

For CVE-2024-21762, disabling SSL VPN on FortiOS devices mitigates the risk until the device can be updated to a fixed version. SSL VPN must be disabled entirely; disabling web mode alone is not a valid workaround.
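Both workarounds are visible in a FortiOS configuration backup, so they can be verified across many devices without logging in to each one. The script below is an added example, not Arctic Wolf or Fortinet code: it walks a configuration dump, lists every interface whose `allowaccess` still contains `fgfm`, reports whether `config vpn ssl settings` still binds SSL VPN to an interface, and produces the hardened form of the interface stanzas with `fgfm` removed. The configuration excerpt is constructed for illustration, and the SSL VPN test (no `set status disable` and at least one `source-interface`) is an assumption about how your firmware's dump reads; confirm it against your own export.

```python
import re

# Constructed FortiOS configuration excerpt (not from a real device).
# port1 still exposes fgfm and carries SSL VPN; port2 already matches
# the CVE-2024-23113 workaround.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set vdom "root"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh fgfm
        set type physical
    next
    edit "port2"
        set vdom "root"
        set ip 192.0.2.1 255.255.255.0
        set allowaccess ping https ssh
        set type physical
    next
end
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set port 443
    set source-interface "port1"
    set source-address "all"
end
"""


def audit(config_text):
    """Report what the two FortiGuard workarounds target in a config dump.

    Returns a dict with:
      fgfm_interfaces   - interfaces whose allowaccess still includes fgfm
      sslvpn_interfaces - interfaces bound by 'set source-interface'
      sslvpn_enabled    - assumption: no 'set status disable' and at least
                          one source-interface means SSL VPN is listening
    """
    sections = []      # stack of 'config ...' headers (nested blocks)
    edits = []         # parallel stack: current 'edit' name per level
    fgfm_ifaces, ssl_ifaces = [], []
    ssl_status = "enable"  # FortiOS omits defaults, so absence means enabled

    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            sections.append(line)
            edits.append(None)
        elif line == "end":
            sections.pop()
            edits.pop()
        elif line.startswith("edit ") and edits:
            m = re.match(r'edit\s+"?([^"]+)"?', line)
            edits[-1] = m.group(1) if m else None
        elif line == "next" and edits:
            edits[-1] = None
        elif line.startswith("set ") and sections:
            parts = line.split()
            key, values = parts[1], parts[2:]
            if sections[-1] == "config system interface" and edits[-1]:
                if key == "allowaccess" and "fgfm" in values:
                    fgfm_ifaces.append(edits[-1])
            elif sections[-1] == "config vpn ssl settings":
                if key == "source-interface":
                    ssl_ifaces.extend(v.strip('"') for v in values)
                elif key == "status" and values:
                    ssl_status = values[0]

    return {
        "fgfm_interfaces": fgfm_ifaces,
        "sslvpn_interfaces": ssl_ifaces,
        "sslvpn_enabled": ssl_status != "disable" and bool(ssl_ifaces),
    }


def strip_fgfm(config_text):
    """Return the config with fgfm dropped from every 'set allowaccess' line.

    This is the hardened form of the CVE-2024-23113 workaround: the same
    allowaccess statement minus the fgfm token. An interface that allowed
    only fgfm gets 'unset allowaccess' instead of an empty set.
    """
    out = []
    for raw in config_text.splitlines():
        stripped = raw.strip()
        if stripped.startswith("set allowaccess "):
            indent = raw[: len(raw) - len(raw.lstrip())]
            tokens = [t for t in stripped.split()[2:] if t != "fgfm"]
            out.append(indent + ("set allowaccess " + " ".join(tokens) if tokens else "unset allowaccess"))
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
    print(strip_fgfm(SAMPLE_CONFIG))
```

Running `audit` on the constructed excerpt flags `port1` for both workarounds; running it again on the output of `strip_fgfm` clears the fgfm finding while leaving the SSL VPN binding for a separate decision, since the text above notes that only fully disabling SSL VPN, not web mode alone, addresses CVE-2024-21762.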



Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.