The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that threat actors are actively exploiting a critical vulnerability in several Fortinet devices, which was previously disclosed and patched in February 2024. The flaw, designated CVE-2024-23113, could allow unauthenticated threat actors to execute arbitrary commands on Fortinet devices running:
- FortiOS 7.0 and later
- FortiPAM 1.0 and higher
- FortiProxy 7.0 and above
- FortiWeb 7.4
CISA has added CVE-2024-23113 to its Known Exploited Vulnerability (KEV) catalog and has issued an order to federal agencies to patch their systems within three weeks.
Source: Bleeping Computer
Analysis
The exploitation of CVE-2024-23113 highlights the importance of patching vulnerable devices and software within a reasonable time frame. Given that Fortinet disclosed and patched this vulnerability in February 2024, it’s unfortunate that some systems remain unpatched some eight months later.
Fortinet devices have a long history of being exploited by both cybercriminals and state-sponsored cyber actors. For example, in June 2024, the Dutch Military Intelligence and Security Service (MIVD) advised that a China-linked threat actor leveraged another critical FortiOS RCE vulnerability, designated CVE-2022-42475, to compromise 20,000 FortiGate network security appliances with malware between 2022 and 2023.
Mitigation
Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in devices and software, including those developed by Fortinet. Field Effect MDR users are automatically notified if a vulnerable version of Fortinet software or device is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect strongly recommends that impacted users install the patch as soon as possible, in accordance with Fortinet’s original advisory.
Since Fortinet devices and software are popular targets for threat actors due to their widespread use and frequent vulnerabilities, organizations that use Fortinet products should pay particular attention to ensure they are kept up to date to avoid compromise.
Related Articles