Critical Fortinet vulnerability under attack
The US IT security authority CISA warns that an older vulnerability in Fortinet products is currently under attack.
(Image: Created with AI in Bing Designer by heise online / dmk)
The US cyber security authority CISA warns that an older vulnerability in several Fortinet products is currently under attack. It has added the vulnerability to its Known Exploited Vulnerabilities catalog. This obliges US federal agencies to act promptly, but it should also serve as a wake-up call for organizations here.
The CISA warning only states that the vulnerabilities have been observed in attacks. In addition to the exploited vulnerabilities in Ivanti's CSA, known since Wednesday of this week, the authority warns of a format string vulnerability in several Fortinet products that cyber criminals are apparently targeting at the moment.
Fortinet vulnerability: Updates available
As usual, CISA does not discuss what the attacks look like or how affected organizations can recognize a successful compromise. The vulnerability itself, however, is known: it is CVE-2024-23113, classified as a "critical" risk with a CVSS score of 9.8. The flaw arises because externally controllable input is passed to so-called format string functions, which interpret any conversion directives it contains as instructions rather than as data. Attackers can use specially crafted network packets to execute code or commands without authentication.
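To make the vulnerability class concrete, here is an added example (not Fortinet's code, and not derived from the affected products) showing the classic vulnerable pattern in C beside its hardened form, plus a small defensive check that counts format directives in input arriving from the network. The function names, the buffer sizes and the two sample log strings are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Vulnerable pattern: untrusted text is handed to a format-string function
 * as the format argument itself, so any '%' directive inside it is
 * interpreted by the C library. Shown only for contrast; it is never
 * called with attacker-controlled data below. */
void log_event_vulnerable(const char *untrusted)
{
    printf(untrusted);       /* BAD: untrusted is the format string */
    putchar('\n');
}

/* Hardened form: the format string is a literal and the untrusted text is
 * passed as a plain argument, so it is printed verbatim. */
void log_event_safe(const char *untrusted)
{
    printf("%s\n", untrusted);
}

/* Defensive check: count '%' conversion directives in a string that is
 * about to be logged. "%%" (a literal percent sign) is not counted.
 * A non-zero result on data from the network is worth alerting on. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') {   /* escaped percent, not a directive */
            i++;
            continue;
        }
        n++;
    }
    return n;
}

/* Render an untrusted string into buf using the hardened pattern.
 * Returns true if the input contained no directives, false if it did
 * (the text is still rendered safely, but the caller is told to flag it). */
bool render_untrusted(char *buf, size_t buflen, const char *untrusted)
{
    snprintf(buf, buflen, "%s", untrusted);   /* literal format, input is data */
    return count_format_directives(untrusted) == 0;
}

int main(void)
{
    /* Constructed sample inputs: one benign, one carrying directives. */
    const char *benign = "login from host-a";
    const char *hostile = "login from %x %s %n";
    char out[128];

    log_event_safe(benign);
    log_event_safe(hostile);   /* prints the literal text; directives stay inert */

    printf("directives in hostile input: %d\n", count_format_directives(hostile));
    printf("render clean? %s\n", render_untrusted(out, sizeof out, hostile) ? "yes" : "no");
    return 0;
}
```

The point of `count_format_directives` is detection rather than sanitisation: the fix is always the literal format string in `log_event_safe`, and the counter only exists so that a service can log and alert when network input unexpectedly carries `%` directives, which is the kind of telemetry defenders want when a vulnerability of this class is known to be exploited.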
Fortinet has listed the affected products and the versions that correct the error in its associated security advisory. IT managers should update as quickly as possible to at least the versions listed below, and preferably to the latest available release. The gap is closed in FortiOS 7.4.3, 7.2.7 and 7.0.14; FortiPAM, for which no fixed version is given, although FortiPAM 1.3 is said not to be affected; FortiProxy 7.4.3, 7.2.9 and 7.0.16; and finally FortiWeb 7.4.3.
In February, Fortinet patched several security vulnerabilities across its products, including flaws in the SSL VPN component of FortiOS and in FortiSIEM.
(dmk)