Date: 8-2-2024

On 8 February 2024, Fortinet warned[1] about two critical severity vulnerabilities (CVE-2024-21762[2], CVE-2024-23113[3]) in FortiOS, the operating system used in Fortinet hardware, such as FortiGate firewalls and switches. The vulnerabilities received CVSS scores of 9.6 and 9.8 out of 10.

Fortinet has published a patch to remediate the vulnerabilities. We urgently advise applying this patch.

Both vulnerabilities allow an adversary to remotely compromise the appliance. Reports of CVE-2024-21762 being exploited in the wild have surfaced[2][4]. 

Description

FortiOS is the operating system used in Fortinet hardware, such as FortiGate firewalls and switches.

The following versions of FortiOS are vulnerable:

  • FortiOS 7.4.0 - 7.4.2

  • FortiOS 7.2.0 - 7.2.6

  • FortiOS 7.0.0 - 7.0.13

  • FortiOS 6.4.0 - 6.4.14

  • FortiOS 6.2.0 - 6.2.15

  • FortiOS 6.x

Reports of this vulnerability being exploited in the wild have surfaced[2][4]. However, at the time of writing, no public exploit code is available.

We strongly recommend installing the patches provided by Fortinet to mitigate these vulnerabilities as soon as possible. The Dutch Cyber Security Center (NCSC) has also released an advisory that rates the vulnerabilities as HIGH risk and HIGH impact[6].

The first vulnerability (CVE-2024-21762) was found in the SSL VPN service of FortiOS. The second vulnerability (CVE-2024-23113) was found in the FortiGate to FortiManager (FGFM) service, which is the protocol used for managing FortiGate appliances through the central FortiManager management console.

Impact

We estimate the impact of these vulnerabilities as HIGH because the successful exploitation of these vulnerabilities could result in unauthenticated remote code execution. This matches the rating given by NCSC[6].

Risk

We estimate the risk of these vulnerabilities as HIGH, as there are reports of active exploitation of one of the vulnerabilities. The primary risks associated with these vulnerabilities are unauthorised access to your environment and lateral movement. This matches the rating given by NCSC[6].

Mitigation

Fortinet published a patch to remediate the vulnerabilities. Northwave recommends upgrading your FortiOS devices to the patched version. Fortigate recommends using the Fortinet upgrade tool[5] to upgrade the devices.

For CVE-2024-21762, a workaround to prevent exploitation is to disable the SSL VPN. However, for CVE-2024-23113, upgrading is the only known mitigation. Since CVE-2024-23113 is a vulnerability in the FGFM service, ensuring that the FGFM port (TCP 541) is not exposed to the public internet will reduce the risk of exploitation.
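The following is an added example, not part of the original advisory and not Fortinet code: a small triage script that checks a device inventory against the vulnerable ranges listed above and maps each affected device to the mitigation steps in this section. The inventory fields, the sample devices and the `Version:` line format (as printed by `get system status`) are assumptions, and the "6.x" entry is read as covering the remaining 6.x branches.

```python
import re

# Highest affected patch level per branch, as listed in the advisory above.
VULNERABLE = {(7, 4): 2, (7, 2): 6, (7, 0): 13, (6, 4): 14, (6, 2): 15}
# Version token in a "Version:" line, e.g. "v7.2.6,build1575" (assumed format).
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return (major, minor, patch), or None when no version token is found."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def is_listed_vulnerable(version):
    major, minor, patch = version
    if (major, minor) in VULNERABLE:
        return patch <= VULNERABLE[(major, minor)]
    # Assumption: the advisory's "FortiOS 6.x" entry covers the other 6.x branches.
    return major == 6


def triage(device):
    """Map one inventory record to the mitigation steps named in the advisory."""
    version = parse_version(device["version_line"])
    if version is None:
        return ["version not recognised: check manually"]
    if not is_listed_vulnerable(version):
        return []
    actions = ["upgrade FortiOS to the patched version"]
    if device["sslvpn_enabled"]:
        actions.append("workaround for CVE-2024-21762: disable SSL VPN")
    if device["fgfm_internet_exposed"]:
        actions.append("CVE-2024-23113: stop exposing TCP 541 (FGFM) to the internet")
    return actions


# Constructed sample inventory: names, models, builds and flags are made up.
INVENTORY = [
    {"name": "fw-edge-01", "version_line": "Version: FortiGate-60F v7.2.6,build1575,230926 (GA.M)",
     "sslvpn_enabled": True, "fgfm_internet_exposed": True},
    {"name": "fw-core-01", "version_line": "Version: FortiGate-100F v7.4.3,build2573,240201 (GA.F)",
     "sslvpn_enabled": True, "fgfm_internet_exposed": False},
    {"name": "fw-lab-01", "version_line": "Version: FortiGate-VM64 v6.0.18,build0549,231001 (GA)",
     "sslvpn_enabled": False, "fgfm_internet_exposed": False},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev["name"], triage(dev) or ["not in the listed vulnerable ranges"])
```

An empty result only means the version is outside the ranges listed in this advisory; confirm the fixed release against Fortinet's own advisory[1] before closing a device out.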

What should you do?

Upgrade your FortiOS devices to the patched version.

What will Northwave do?

Vulnerability Management customers will be informed in case vulnerable systems are detected in their infrastructure. 

We will monitor any developments regarding this vulnerability. If new critical information about this threat arises, we will reach out to you. You can call us by phone or send us an email if you would like additional information.

E-mail: soc@northwave.nl

Do you have an incident right now? Call our Incident Response Team: 00800 1744 0000

Disclaimer applies, see below.

 

Sources

[1]: https://fortiguard.fortinet.com/psirt?product=FortiOS-6K7K%2CFortiOS&version=&date=2024&severity=5

[2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21762

[3]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23113

[4]: https://www.bleepingcomputer.com/news/security/new-fortinet-rce-flaw-in-ssl-vpn-likely-exploited-in-attacks/

[5]: https://docs.fortinet.com/upgrade-tool

[6]: https://advisories.ncsc.nl/advisory?id=NCSC-2024-0058

Disclaimer

Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.