Tuesday, March 25, 2025

Fortinet’s FortiOS Vulnerabilities Allow Attackers to Trigger RCE and Launch DoS Attack

Fortinet’s FortiOS, the operating system powering its VPN and firewall appliances, has been found vulnerable to multiple security flaws that could allow attackers to achieve remote code execution (RCE) and launch denial-of-service (DoS) attacks.

These vulnerabilities, disclosed by Akamai researcher Ben Barnea, were assigned CVE-2024-46666 and CVE-2024-46668.

Fortinet released patches on January 14, 2025, to mitigate these risks.

The vulnerabilities stem from Fortinet’s use of an outdated version of the Apache apreq library, which is nearly 25 years old.

This antiquated codebase contains several critical flaws, including out-of-bounds (OOB) writes, memory exhaustion issues, and improper handling of multipart form data.

[Figure: Enabling the backdoor]

Exploitation of these flaws could render devices non-functional or allow attackers to gain unauthorized access to sensitive systems.

Technical Overview of Vulnerabilities

  1. Out-of-Bounds Write and Read: The apreq library mishandles buffer boundaries when processing multipart form data. This flaw could allow attackers to manipulate memory, potentially leading to code execution or system crashes.
  2. Denial-of-Service (DoS): A particularly severe issue arises from improper file handling during form uploads. When files are uploaded via the /tmp/ directory, only the first file in a linked list is deleted after processing.
  3. Web Server DoS: Another flaw involves mishandling dropped client connections during multipart data processing. If a connection drops unexpectedly, the server attempts to access invalid memory, leading to a crash.
  4. Memory Exhaustion: Attackers can repeatedly upload large files to exhaust system resources, causing devices to become unresponsive.
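The cleanup pattern described in item 2, as an added illustration that is not Fortinet or apreq code: a request's uploaded parts are tracked in a linked list, and a cleanup that unlinks only the head is compared with one that walks the whole list. The struct, the function names and the `/tmp/upload_demo_` file prefix are assumptions made for this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical record for one multipart file part spooled to disk. */
struct upload { char path[40]; struct upload *next; };

/* Spool one constructed part to a temp file and push it onto the list. */
static struct upload *spool_part(struct upload *head, const char *data) {
    struct upload *u = calloc(1, sizeof *u);
    if (!u) return head;
    strcpy(u->path, "/tmp/upload_demo_XXXXXX");
    int fd = mkstemp(u->path);
    if (fd < 0) { free(u); return head; }
    if (write(fd, data, strlen(data)) < 0) perror("write");
    close(fd);
    u->next = head;
    return u;
}

/* Flawed pattern: only the head's file is unlinked. */
static void cleanup_first_only(const struct upload *head) {
    if (head) unlink(head->path);
}

/* Corrected pattern: walk the whole list and unlink every file. */
static void cleanup_all(const struct upload *head) {
    for (; head; head = head->next) unlink(head->path);
}

/* Simulate one request with n file parts; return files left in /tmp. */
int leaked_files(int n, int fixed) {
    struct upload *head = NULL, *next;
    int left = 0;
    for (int i = 0; i < n; i++) head = spool_part(head, "constructed body");
    if (fixed) cleanup_all(head); else cleanup_first_only(head);
    for (; head; head = next) {          /* count survivors, then tidy up */
        next = head->next;
        if (access(head->path, F_OK) == 0) { left++; unlink(head->path); }
        free(head);
    }
    return left;
}

int main(void) {
    printf("first-only leaves %d, full walk leaves %d\n", leaked_files(5, 0), leaked_files(5, 1));
    return 0;
}
```

Each simulated request with five parts leaves four files behind under the first-only cleanup, which is why temp-directory usage that grows with upload traffic is a useful signal to watch on systems that spool form uploads to disk.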

Impact

These vulnerabilities highlight the risks associated with outdated software components in critical infrastructure.

Attackers exploiting these flaws could disrupt organizational networks or gain access to sensitive systems by leveraging Fortinet appliances as entry points.

[Figure: Firmware decryption flow chart]

Fortinet has addressed these vulnerabilities in updated versions of FortiOS.

Organizations using affected versions are strongly advised to apply patches immediately.

Additionally, administrators should restrict public access to management interfaces and monitor for unusual activity as a precautionary measure.

While the RCE vulnerability appears difficult to exploit in real-world scenarios, the ease of launching DoS attacks underscores the importance of timely patching and robust security practices in safeguarding network infrastructure.


Aman Mishra