"Critical Fortinet FortiOS Flaw Exploited in The Wild (CVE-2024-21762)"
Fortinet has recently patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762 and CVE-2024-23313), one of which is “potentially” being exploited in the wild. CISA noted that CVE-2024-21762 is an out-of-bounds write vulnerability in FortiOS, which may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests. CVE-2024-23313 is a use of externally-controlled format string vulnerability in FortiOS fgfmd daemon, which may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. CISA noted that various versions of FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager are affected by one or both of these vulnerabilities, and fixed versions have been provided. CISA noted, however, that some older versions won’t receive a fix, and users are advised to migrate to a fixed release. There is also a workaround for both flaws: disable SSL VPN (CVE-2024-21762) or remove the fgfm access for each interface (CVE-2024-23313).