CVE-2024-21762 and CVE-2024-23113: Multiple Critical Vulnerabilities in Fortinet, One Likely Under Active Exploitation

Share :

On February 8, 2024, Fortinet’s FortiGuard disclosed two critical vulnerabilities affecting FortiOS. CVE-2024-23113, a format string vulnerability, and CVE-2024-21762, an out-of-bounds write vulnerability, could allow unauthenticated threat actors to execute arbitrary code or commands. FortiGuard has stated they are aware of potential exploitation of CVE-2024-21762. 

Details of the potential exploitation of CVE-2024-21762 have not been disclosed at the time of writing. Additionally, Arctic Wolf has not identified any public Proof of Concept (PoC) exploits for either of these vulnerabilities. Several FortiOS vulnerabilities have been exploited in the past, such as the remote code execution (RCE) vulnerability CVE-2023-27997, which was exploited by threat actors in 2023. Considering the potential for various malicious activities upon exploitation and past incidents involving FortiOS vulnerabilities, Arctic Wolf anticipates threat actors might target these vulnerabilities soon. 

CVE-2023-34992

Fortinet has also recently has patched bypass variants for a critical vulnerability (CVE-2023-34992) disclosed in October 2023. These bypasses, tracked as CVE-2024-23108 and CVE-2023-24109 are critical vulnerabilities and can allow a remote unauthenticated threat actor to execute commands in various versions of FortiSIEM. 

Recommendations for CVE-2024-21762 and CVE-2024-23113

Upgrade To a Fixed Version of FortiOS and FortiSIEM

Arctic Wolf strongly recommends upgrading to the latest patched versions of FortiOS and FortiSIEM to address these vulnerabilities. Below is a table outlining the affected and fixed versions: 

Product  Vulnerability  Affected Version  Fixed Version 
FortiOS  CVE-2024-23113, CVE-2024-21762  7.4.0 through 7.4.2  7.4.3 or above 
CVE-2024-23113, CVE-2024-21762  7.2.0 through 7.2.6  7.2.7 or above 
CVE-2024-23113, CVE-2024-21762  7.0.0 through 7.0.13  7.0.14 or above 
CVE-2024-21762  6.4.0 through 6.4.14  6.4.15 or above 
CVE-2024-21762  6.2.0 through 6.2.15  6.2.16 or above 
CVE-2024-21762  6.0 all versions  Migrate to a fixed release 
FortiSIEM  CVE-2023-34992, CVE-2024-23108, CVE-2024-23109 
  • 7.1.0 through 7.1.1 
  • 7.0.0 through 7.0.2 
  • 6.7.0 through 6.7.8 
  • 6.6.0 through 6.6.3 
  • 6.5.0 through 6.5.2 
  • 6.4.0 through 6.4.2 
  • 7.1.2 or above 
  • 7.0.3 or above 
  • 6.7.9 or above 
  • 7.2.0 or above 
  • 6.6.5 or above 
  • 6.5.3 or above 
  • 6.4.4 or above 

 

Please follow your organization’s patching and testing guidelines to avoid any operational impact. 

Workarounds

For users who are currently unable to perform patches, FortiGuard has provided the following workarounds: 

Remove fgfm Access

For CVE-2024-23113, a temporary workaround is to remove fgfm access on each interface until the system can be patched. For the specific changes, review the FortiGuard advisory for CVE-2024-23113. 

Disable SSL VPN

For CVE-2024-21762, disabling SSL VPN on FortiOS devices can mitigate the risk until the device can be updated to a fixed version. 

References 

See other important security bulletins from Arctic Wolf.

Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security and holds a bachelor’s degree in Cybersecurity Engineering.
Share :
Table of Contents
Categories
Subscribe to our Monthly Newsletter