Saturday, May 25, 2024

New Fortinet FortiOS Flaw Lets Attacker Execute Arbitrary Code

Fortinet has disclosed a critical vulnerability in its FortiOS and FortiProxy captive portal systems, potentially allowing attackers to execute arbitrary code through specially crafted HTTP requests.

This revelation underscores the ongoing challenges in safeguarding digital infrastructures against sophisticated threats.

Technical Breakdown of the Vulnerability

The vulnerability, identified as an out-of-bounds write issue CVE-2023-42789 and a stack-based buffer overflow CVE-2023-42790, affects multiple versions of FortiOS and FortiProxy.

Specifically, the impacted versions are FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, and 6.2.0 through 6.2.15, along with FortiProxy versions 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, and 2.0.0 through 2.0.13.

An attacker with access to the captive portal can exploit these vulnerabilities by sending specially crafted HTTP requests, which can lead to unauthorized code or command execution within the system.

This flaw poses a significant risk, as it could allow attackers to gain control over affected systems, potentially leading to data theft, system compromise, and further network infiltration.

Impact on Users

The implications of this vulnerability are far-reaching, affecting a broad spectrum of Fortinet’s user base.

Organizations utilizing the affected FortiOS and FortiProxy versions are at risk of targeted attacks that could compromise sensitive information and disrupt critical operations.

The vulnerability’s severity is underscored by its potential to allow attackers to execute arbitrary code, which can be leveraged for a wide range of malicious activities.

Affected Products and Versions

The vulnerabilities affect a range of Fortinet products across various versions:

  • FortiOS versions 7.4.0 to 7.4.1
  • FortiOS versions 7.2.0 to 7.2.5
  • FortiOS versions 7.0.0 to 7.0.12
  • FortiOS versions 6.4.0 to 6.4.14
  • FortiOS versions 6.2.0 to 6.2.15
  • FortiProxy version 7.4.0
  • FortiProxy versions 7.2.0 to 7.2.6
  • FortiProxy versions 7.0.0 to 7.0.12
  • FortiProxy versions 2.0.0 to 2.0.13

Solutions and Remediation

Fortinet has released software updates to address these vulnerabilities. Users are urged to upgrade their systems to the following versions or higher:

  • FortiOS version 7.4.2
  • FortiOS version 7.2.6
  • FortiOS version 7.0.13
  • FortiOS version 6.4.15
  • FortiOS version 6.2.16
  • FortiProxy version 7.4.1
  • FortiProxy version 7.2.7
  • FortiProxy version 7.0.13
  • FortiProxy version 2.0.14

Additionally, Fortinet has remediated the issue in FortiSASE version 23.3.b in Q3/23, so customers using this version need not take any further action.

The FMWP database update 23.105 also includes a virtual patch named “FortiOS.Captive.Portal.Out.Of.Bounds.Write.”

The vulnerabilities were internally discovered and reported by Gwendal Guégniaud of the Fortinet Product Security Team.

The initial publication of these findings was on February 27, 2024.

Fortinet customers are advised to review the provided solutions and apply the necessary updates or workarounds to ensure their systems are protected against the potential exploitation of these vulnerabilities.

With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Website

Latest articles

Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program

In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing...

Microsoft Warns Of Storm-0539’s Aggressive Gift Card Theft

Gift cards are attractive to hackers since they provide quick monetization for stolen data...

Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities

The scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining...

NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers

Zero Trust Maturity measures the extent to which an organization has adopted and implemented...

Chinese Hackers Stay Hidden On Military And Government Networks For Six Years

Hackers target military and government networks for varied reasons, primarily related to spying, which...

DNSBomb : A New DoS Attack That Exploits DNS Queries

A new practical and powerful Denial of service attack has been discovered that exploits...

Malicious PyPI & NPM Packages Attacking MacOS Users

Cybersecurity researchers have identified a series of malicious software packages targeting MacOS users.These...
Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles