The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a remote code execution (RCE) vulnerability being actively exploited in Fortinet products. If you are using Fortinet, please read this Cybersecurity Threat Advisory to learn how to mitigate your organization’s risks.
What is the threat?
CVE-2024-23113 is a critical RCE vulnerability in FortiOS systems. The flaw stems from the fgfmd daemon accepting an externally controlled format string as an argument. This vulnerability allows unauthenticated attackers to execute commands or arbitrary code on unpatched devices through low-complexity attacks that do not require user interaction.
Why is this noteworthy?
The vulnerable fgfmd daemon operates on FortiGate and FortiManager devices, managing authentication requests and keep-alive messages between them, as well as related actions such as instructing other processes to update files or databases. The CVE-2024-23113 vulnerability affects the following versions:
- FortiOS 7.0 and later
- FortiPAM 1.0 and above
- FortiProxy 7.0 and later
- FortiWeb 7.4
A patch was issued in February, together with a recommendation that administrators restrict access to the fgfmd daemon from all interfaces as a mitigation to prevent potential attacks.
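One way to audit for the interface mitigation described above, as an added example that is not part of the original advisory or any Fortinet tooling: the Python function below reads a FortiOS configuration backup and lists every interface that still accepts FGFM. It assumes FGFM access is enabled per interface through the `fgfm` keyword on `set allowaccess` or `set ip6-allowaccess` lines; the function name and the sample configuration are constructed for illustration.

```python
# Added example: audit a FortiOS config backup for interfaces that accept FGFM.
# SAMPLE_CONFIG is constructed for illustration, not taken from a real device.
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https fgfm
    next
    edit "internal"
        set allowaccess ping https ssh
        config ipv6
            set ip6-allowaccess ping fgfm
        end
    next
    edit "dmz"
        set allowaccess ping
    next
end
config system global
    set hostname "constructed-fw"
end
"""

# Assumption: these are the per-interface settings that list permitted services.
ACCESS_KEYS = ("allowaccess", "ip6-allowaccess")

def interfaces_allowing_fgfm(config_text):
    """Return interface names whose access lists include fgfm, in file order."""
    exposed, current, depth, in_section = [], None, 0, False
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not in_section:
            in_section = words == ["config", "system", "interface"]
        elif words[0] == "config":
            depth += 1                      # nested block, e.g. "config ipv6"
        elif words[0] == "end":
            if depth == 0:
                break                       # end of "config system interface"
            depth -= 1
        elif depth == 0 and words[0] == "edit" and len(words) > 1:
            current = raw.strip()[4:].strip().strip('"')
        elif depth == 0 and words[0] == "next":
            current = None
        elif current and len(words) > 2 and words[0] == "set" and words[1] in ACCESS_KEYS:
            # Settings in nested blocks are attributed to the enclosing interface.
            if "fgfm" in words[2:] and current not in exposed:
                exposed.append(current)
    return exposed
```

Any interface the function returns should have `fgfm` removed from its access list unless a FortiManager connection on that interface is required, in which case access should be limited to the manager's address.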
What is the exposure or risk?
CISA has confirmed that the CVE-2024-23113 vulnerability is being actively exploited in the wild. Attackers are leveraging this flaw to gain unauthorized access to vulnerable systems without requiring user interaction or elevated privileges, making it a low-complexity attack vector. This exploitation poses serious risks to organizations.
CISA has added CVE-2024-23113 to its Known Exploited Vulnerabilities (KEV) Catalog, requiring U.S. federal agencies to patch affected systems by October 30, 2024. Organizations must act quickly to apply patches and implement mitigation strategies to prevent unauthorized access and potential data breaches.
What are the recommendations?
Barracuda recommends the following actions to protect your environment against this vulnerability:
- Apply updates to affected versions immediately.
- Implement network segmentation and access controls to minimize potential attack vectors.
- Remove unsupported versions (end-of-life or those that cannot be updated) from networks.
- Use a 24/7 network security solution, such as Barracuda XDR Network Security, to monitor anomalies in your IT environment.
References
For more in-depth information about the recommendations, please visit the following links:
- CISA says critical Fortinet RCE flaw now exploited in attacks (bleepingcomputer.com)
- CISA Warns of Fortinet RCE Vulnerability Actively Exploited (cybersecuritynews.com)
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.