CISA warns of critical Fortinet RCE actively exploited
Take action: If you still haven't applied the patches Fortinet released in February to your Fortinet products, start patching IMMEDIATELY. Many vulnerabilities, including this one, are being actively exploited, and unpatched devices will be compromised.
The Cybersecurity and Infrastructure Security Agency (CISA) has reported active exploitation of a critical remote code execution (RCE) vulnerability in Fortinet's FortiOS.
The flaw, tracked as CVE-2024-23113 (CVSS score 9.8) and first disclosed by Fortinet in February 2024, impacts various Fortinet products. The vulnerability stems from the fgfmd daemon, which handles authentication and keep-alive messages across Fortinet products. It is vulnerable to an externally controlled format string, allowing unauthenticated attackers to execute arbitrary code on unpatched systems.
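To illustrate the bug class named above (an externally controlled format string, CWE-134), here is an added C example; it is hypothetical code, not Fortinet's fgfmd implementation. It shows a daemon-style logging wrapper that formats a received keep-alive message, in its vulnerable and hardened forms, plus a boundary check a defender can use to flag suspicious messages.

```c
/* Illustrative CWE-134 pattern (hypothetical daemon code, not fgfmd). */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 128

/* Generic logging wrapper, as found in many daemons. Because it lacks a
 * __attribute__((format(printf, 3, 4))) annotation, the compiler cannot
 * warn (-Wformat-security) when a caller passes external data as fmt. */
static int log_fmt(char *out, size_t outlen, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* VULNERABLE: the peer-supplied message becomes the format string. A message
 * carrying %x, %s or %n makes the formatter read (or, with %n, write) memory
 * the author never intended to expose. Feeding it directives is undefined
 * behaviour, so this demo only ever calls it with a directive-free string. */
int log_keepalive_unsafe(const char *msg, char *out, size_t outlen) {
    return log_fmt(out, outlen, msg);              /* format == peer data */
}

/* HARDENED: a fixed, compile-time format; the message is an argument to %s
 * and is copied verbatim, directives and all, without interpretation. */
int log_keepalive_safe(const char *msg, char *out, size_t outlen) {
    return log_fmt(out, outlen, "keepalive from peer: %s", msg);
}

/* Boundary check for detection logging: legitimate keep-alive payloads have
 * no reason to contain a conversion specifier, so '%' is a cheap anomaly
 * indicator worth alerting on. Returns 1 if a directive is present. */
int contains_format_directive(const char *msg) {
    return strchr(msg, '%') != NULL;
}

int main(void) {
    char out[LOG_BUF];
    /* Constructed sample: a hostile peer message carrying format directives. */
    const char *hostile = "hello %x %x %n";
    log_keepalive_safe(hostile, out, sizeof out);
    printf("%s\n", out);                 /* directives appear literally */
    printf("suspicious: %d\n", contains_format_directive(hostile));
    return 0;
}
```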
Affected Products:
- FortiOS versions 7.0 and newer
- FortiPAM versions 1.0 and higher
- FortiProxy versions 7.0 and above
- FortiWeb versions 7.4 and above
Fortinet released patches for this vulnerability in February 2024, advising administrators to limit access to the fgfmd daemon and use local-in policies that restrict FGFM connections to specific IP addresses. However, these workarounds were noted to be an incomplete fix for the flaw. Organizations are strongly advised to apply the patches themselves to fully address the security issue.
In response to the active exploitation, CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog and has mandated that all U.S. federal agencies patch affected Fortinet devices by October 30, 2024.