
FortiOS SSL-VPN/FGFM vulnerability

By 9 February 2024 CERT, SOC, Vulnerability

This live blog contains information regarding a FortiOS SSL-VPN/FGFM vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on February 9, 2024.

Update 9 February 2024

16:00 | On the 8th of February 2024, Fortinet published an Advisory in which they describe CVE-2024-21762. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code via the FortiOS SSL VPN interface using specially crafted requests.

In a different Advisory, also published on the 8th of February, Fortinet describes CVE-2024-23113. This vulnerability in the FortiOS FortiGate-to-FortiManager (FGFM) interface may also allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. The impact of this vulnerability is expected to be less critical as the interface is not publicly exposed in most cases.

Both vulnerabilities are already being exploited in the wild, but no public exploit code is available for these vulnerabilities. Both vulnerabilities are solved with the latest software updates for supported versions of FortiOS. Additionally, Fortinet has provided some workarounds.

Because the vulnerabilities are already being exploited in the wild, and the affected interfaces are potentially exposed to the internet, these vulnerabilities are very critical and must be remediated as soon as possible!

Reason and background of this blog

This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.

Vulnerability information

On the 8th of February 2024, Fortinet published an Advisory in which they describe CVE-2024-21762. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code via the FortiOS SSL VPN interface using specially crafted requests.

In a different Advisory, also published on the 8th of February, Fortinet describes CVE-2024-23113. This vulnerability in the FortiOS FortiGate-to-FortiManager (FGFM) interface may also allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. The impact of this vulnerability is expected to be less critical as the interface is not publicly exposed in most cases.

Both vulnerabilities are already being exploited in the wild, but no public exploit code is available for these vulnerabilities. Both vulnerabilities are solved with the latest software updates for supported versions of FortiOS. Additionally, Fortinet has provided some workarounds.

Because the vulnerabilities are already being exploited in the wild, and the affected interfaces are potentially exposed to the internet, these vulnerabilities are very critical and must be remediated as soon as possible!

Potential Risk

Both CVE-2024-21762 and CVE-2024-23113 allow an unauthenticated attacker to execute arbitrary code or commands via specially crafted requests to either the SSL-VPN or the FGFM daemon. Both vulnerabilities have a CVSSv3 score of 9.8. The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with high impact.

Fortinet is aware of an instance where these vulnerabilities were exploited in the wild, but no public exploit code is available.

Detail info

Vulnerability CVE-2024-21762 in the FortiOS SSL VPN interface affects the following versions and is fixed by upgrading to the given versions:

| Version     | Affected               | Solution                   |
|-------------|------------------------|----------------------------|
| FortiOS 7.6 | Not affected           | Not applicable             |
| FortiOS 7.4 | 7.4.0 through 7.4.2    | Upgrade to 7.4.3 or above  |
| FortiOS 7.2 | 7.2.0 through 7.2.6    | Upgrade to 7.2.7 or above  |
| FortiOS 7.0 | 7.0.0 through 7.0.13   | Upgrade to 7.0.14 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.14   | Upgrade to 6.4.15 or above |
| FortiOS 6.2 | 6.2.0 through 6.2.15   | Upgrade to 6.2.16 or above |
| FortiOS 6.0 | 6.0 all versions       | Migrate to a fixed release |

The impact of vulnerability CVE-2024-21762 can also be mitigated by disabling the SSL VPN functionality entirely (disabling webmode alone is NOT a valid workaround) or by limiting access to the SSL VPN interface with an IP filter.

Vulnerability CVE-2024-23113 in the FortiOS FortiGate-to-FortiManager (FGFM) interface affects the following versions and is fixed by upgrading to the given versions:

| Version     | Affected               | Solution                   |
|-------------|------------------------|----------------------------|
| FortiOS 7.4 | 7.4.0 through 7.4.2    | Upgrade to 7.4.3 or above  |
| FortiOS 7.2 | 7.2.0 through 7.2.6    | Upgrade to 7.2.7 or above  |
| FortiOS 7.0 | 7.0.0 through 7.0.13   | Upgrade to 7.0.14 or above |

The impact of vulnerability CVE-2024-23113 can also be mitigated by removing FGFM access on all interfaces. More details can be found in Fortinet's security advisory: https://www.fortiguard.com/psirt/FG-IR-24-029
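To turn the two version tables above into a fleet triage, the following Python script (an added example, not Tesorion's or Fortinet's code) encodes the affected ranges and fixed releases per FortiOS branch, parses a version string or a FortiOS banner, and reports which devices still need action for which CVE. The device inventory is constructed; branches that an advisory does not list (such as 6.x for CVE-2024-23113) are reported as "not listed" rather than assumed safe.

```python
"""Triage FortiOS versions against CVE-2024-21762 (SSL-VPN) and
CVE-2024-23113 (FGFM). Ranges copied from the advisory tables above."""
import re

# branch (major, minor) -> (first affected, last affected, fixed release)
# None = branch listed as not affected; "migrate" = no fixed build on branch
CVE_2024_21762 = {
    (7, 6): None,
    (7, 4): ((7, 4, 0), (7, 4, 2), (7, 4, 3)),
    (7, 2): ((7, 2, 0), (7, 2, 6), (7, 2, 7)),
    (7, 0): ((7, 0, 0), (7, 0, 13), (7, 0, 14)),
    (6, 4): ((6, 4, 0), (6, 4, 14), (6, 4, 15)),
    (6, 2): ((6, 2, 0), (6, 2, 15), (6, 2, 16)),
    (6, 0): "migrate",
}
CVE_2024_23113 = {  # advisory lists only 7.0 to 7.4
    (7, 4): ((7, 4, 0), (7, 4, 2), (7, 4, 3)),
    (7, 2): ((7, 2, 0), (7, 2, 6), (7, 2, 7)),
    (7, 0): ((7, 0, 0), (7, 0, 13), (7, 0, 14)),
}
ADVISORIES = (("CVE-2024-21762", CVE_2024_21762), ("CVE-2024-23113", CVE_2024_23113))

def parse_version(text):
    """Accept '7.4.2' or a banner such as 'v7.4.2,build2571 (GA)'."""
    m = re.search(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no FortiOS version found in {text!r}")
    return tuple(int(x) for x in m.groups())

def assess(version, table):
    """Return (status, action) for one version against one CVE table."""
    v = parse_version(version)
    entry = table.get(v[:2], "unlisted")
    if entry == "unlisted":
        return ("not listed", "branch not in advisory; verify with vendor")
    if entry is None:
        return ("not affected", "none")
    if entry == "migrate":
        return ("affected", "migrate to a fixed release")
    first, last, fixed = entry
    if first <= v <= last:
        return ("affected", "upgrade to %s or above" % ".".join(map(str, fixed)))
    return ("patched", "none")

def triage(inventory):
    """inventory: list of (hostname, version). Returns (host, cve, action) rows."""
    return [(host, cve, assess(ver, table)[1])
            for host, ver in inventory for cve, table in ADVISORIES
            if assess(ver, table)[0] == "affected"]

# Constructed inventory for demonstration; not real devices.
INVENTORY = [("fw-edge-01", "v7.4.2,build2571 (GA)"), ("fw-edge-02", "7.4.3"),
             ("fw-lab-01", "6.0.17"), ("fw-dc-01", "v6.4.14,build2530")]
```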
