This is an emergency threat advisory to make you aware of the recent discovery of two critical vulnerabilities in FortiOS SSL VPN and FortiOS fgfm daemon.
CVE-2024-21762 is a critical vulnerability affecting FortiOS SSL VPN that when exploited allows unauthenticated attackers to gain remote code execution via maliciously crafted requests.
CVE-2024-23113 is a critical vulnerability affecting FortiOS, which allows use of externally controlled format string vulnerability in FortiOS fgfmd daemon, that may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
Fortinet is warning that the SSL VPN critical vulnerability is potentially being exploited in attacks. Attacks against the second critical vulnerability have not been observed yet.
To patch the above bugs, Fortinet recommends upgrading to one of the latest versions based on this table:
Version | Affected | Solution |
FortiOS 7.6 | Not affected | Not Applicable |
FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
FortiOS 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
FortiOS 6.2 | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above |
FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |
If you are unable to apply the above patches, mitigation is also achieved by disabling the SSL VPN and the WAN interface entirely on your FortiOS device. However, Fortinet has advised that disabling webmode is NOT a valid workaround.
For further information regarding this vulnerability please see Fortinet FortiGuard Labs:
CVE-2024-23113 – PSIRT | FortiGuard (fortinet.com)
CVE-2024-21762 – PSIRT | FortiGuard (fortinet.com)
For assistance regarding an upgrade path, see Fortinet Upgrade Tool: Upgrade Tool | Fortinet (fortinet.com)
Get norm.’s threat bulletin direct to your inbox
norm. tracks and monitors the latest security trends and cyber threats and collates these into a fortnightly threat bulletin.
You can receive this bulletin for free, every fortnight, by entering your business email address below: