Patchday Fortinet: Backdoor allows unauthorized access to FortiSwitch
The provider of IT security solutions Fortinet has released numerous security updates for its products. Network admins should keep an eye on this.
Vulnerabilities threaten appliances.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Attackers can use several vulnerabilities in FortiManager, FortiSIEM and FortiVoice, among others, to attack systems. Current security patches should prevent this.
Critical security vulnerabilities
To prevent possible attacks, network admins should check the security section of the Fortinet website to find the products that affect them and install the patches promptly. A list of all security updates is beyond the scope of this report. So far, there are no indications of ongoing attacks.
Some vulnerabilities are classified as “critical”. Attackers can use crafted requests to the Node.js web socket module to gain super admin rights in FortiOS (CVE-2024-55591). In addition, malicious code can reach systems with FortiOS and FortiProxy using special HTTP requests (CVE-2024-21762). Attacks should be possible remotely without authentication. Due to a hard-coded cryptographic key, unauthorized access to FortiSwitch is conceivable (CVE-2023-37936).
Videos by heise
Other dangers
Many other vulnerabilities are classified with the threat level “high”. Attackers can use these vulnerabilities to execute their commands or even malicious code. On top of this, data that is actually sealed off can be viewed. In some cases, authentication can be bypassed and attackers can gain access via brute force attacks. DoS attacks are also possible, allowing attackers to crash services. It is not yet known how attacks could actually take place.
(des)
