Sedara Security Bulletin: Out-of-Bounds Write Vulnerability in FortiOS
Vulnerability: CVE-2024-21762 and CVE-2024-24113
Description of the vulnerability:
Fortinet reports an out-of-bounds write vulnerability in SSL-VPN, CVE-2024-21762 (CVSSv3 score 9.6). An out-of-bounds write is similar to a buffer overflow: data is written beyond the boundaries of the allocated memory. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code and commands by sending a crafted HTTP request to a vulnerable Fortinet VPN service.
A second critical vulnerability, CVE-2024-24113, was disclosed in the same time frame. This is a privilege escalation vulnerability that allows a low-privileged user to gain remote code execution (RCE).
Severity:
Both vulnerabilities are categorized as “critical”, with CVSSv3 scores of 9.6 (CVE-2024-21762) and 9.8 (CVE-2024-24113).
Fortinet believes both vulnerabilities have been exploited in the wild, though it has not yet provided additional details. Since SSL-VPN is commonly exposed to the Internet, SSL-VPN vulnerabilities are ideally positioned for attackers to exploit.
Software affected: Fortinet FortiOS and FortiProxy, multiple versions prior to and including v7.4.2
Mitigation:
The recommended action for this vulnerability is to upgrade to the latest security patch of FortiOS for the installed version.
If an update cannot be applied immediately, FortiGuard Labs has published a workaround of removing fgfm access on each interface of the appliance. However, this workaround remediates only CVE-2024-24113; it does not address CVE-2024-21762. Currently, the only advised action to remediate CVE-2024-21762 is to apply the vendor-provided patches.
If neither an update nor the workaround can be applied, Fortinet advises organizations to disable SSL-VPN functionality until it is possible to update.
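As an added illustration of the fgfm workaround (example configuration, not taken from Fortinet's advisory or from this bulletin), the FortiOS CLI before and after fgfm is removed from an interface's management access list; the interface name "port1" and the other services on that list are assumptions.

```fortios
# Added example; "port1" and the ping/https/ssh services are assumed.

# Before: the interface's management access list includes fgfm
config system interface
    edit "port1"
        set allowaccess ping https ssh fgfm
    next
end

# After: the same interface with fgfm removed, other services unchanged
config system interface
    edit "port1"
        set allowaccess ping https ssh
    next
end

# Check: any interface still listing fgfm needs the same edit
show system interface | grep fgfm
```

Note that `set allowaccess` replaces the whole list for that interface, so keep the services you still need and repeat the edit for every interface the check reports.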
Related Reading:
NIST CVE-2024-21762, https://nvd.nist.gov/vuln/detail/CVE-2024-21762
FortiGuard IR Report FG-IR-24-015, https://www.fortiguard.com/psirt/FG-IR-24-015
FortiGuard IR Report FG-IR-24-029, https://www.fortiguard.com/psirt/FG-IR-24-029
How Sedara Can Help
Our Security Operations Center can assist your organization in detecting and responding to threats through 24x7x365 monitoring. Staffed with expert analysts, our SOC provides visibility across your entire network for real-time analysis and alerting of security events. We help you ignore the noise so you can take immediate action on security incidents.