CISA says critical Fortinet RCE flaw now exploited in attacks

Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild.

The flaw (CVE-2024-23113) is caused by the fgfmd daemon accepting an externally controlled format string as an argument, which can let unauthenticated threat actors execute commands or arbitrary code on unpatched devices in low-complexity attacks that don't require user interaction.

As Fortinet explains, the vulnerable fgfmd daemon runs on FortiGate and FortiManager, handling all authentication requests and managing keep-alive messages between them (as well as all resulting actions like instructing other processes to update files or databases).

CVE-2024-23113 impacts FortiOS 7.0 and later, FortiPAM 1.0 and higher, FortiProxy 7.0 and above, and FortiWeb 7.4.

The company disclosed and patched this security flaw in February when it advised admins to remove access to the fgfmd daemon for all interfaces as a mitigation measure designed to block potential attacks.

“Note that this will prevent FortiGate discovery from FortiManager. Connection will still be possible from FortiGate,” Fortinet said.

“Please also note that a local-in policy that only allows FGFM connections from a specific IP will reduce the attack surface but it won't prevent the vulnerability from being exploited from this IP. As a consequence, this should be used as a mitigation and not as a complete workaround.”
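The interface-level mitigation described above can be checked offline against a configuration backup. The following is an added example, not code from Fortinet or from the original article: it scans a FortiOS-style config for interfaces whose `allowaccess` list still includes `fgfm`. The sample config is constructed, and the function name `interfaces_allowing_fgfm` is hypothetical.

```python
import shlex

# Constructed sample in FortiOS backup-file syntax (not from a real device).
SAMPLE_CONFIG = '''\
config system interface
    edit "wan1"
        set vdom "root"
        set allowaccess ping https fgfm
        config ipv6
            set ip6-allowaccess ping fgfm
        end
    next
    edit "internal"
        set allowaccess ping https ssh
    next
    edit "dmz"
        set allowaccess fgfm
    next
end
config firewall policy
    edit 1
        set name "fgfm-looking-name"
    next
end
'''

def interfaces_allowing_fgfm(config_text):
    """Return names of interfaces whose IPv4 allowaccess list includes fgfm."""
    flagged, stack, current = [], [], None
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:
            continue  # unbalanced quotes (multi-line values): skip the line
        if not tokens:
            continue
        if tokens[0] == "config":
            stack.append(tokens[1:])          # enter a (possibly nested) section
        elif tokens[0] == "end":
            if stack:
                stack.pop()
        elif stack and stack[-1] == ["system", "interface"]:
            # Only lines directly inside the interface table are considered,
            # so nested blocks such as "config ipv6" are ignored here.
            if tokens[0] == "edit" and len(tokens) > 1:
                current = tokens[1]
            elif tokens[0] == "next":
                current = None
            elif tokens[:2] == ["set", "allowaccess"] and current and "fgfm" in tokens[2:]:
                flagged.append(current)
    return flagged
```

Interfaces the function returns are the ones where the mitigation has not been applied; as the Fortinet statement notes, removing `fgfm` there prevents FortiGate discovery from FortiManager.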

Federal agencies ordered to patch within three weeks

While Fortinet has yet to update its February advisory to confirm CVE-2024-23113 exploitation, CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog on Wednesday.

U.S. federal agencies are now also required to secure FortiOS devices on their networks against these ongoing attacks within three weeks, by October 30, as required by the binding operational directive (BOD 22-01) issued in November 2021.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the cybersecurity agency warned.

The Dutch Military Intelligence and Security Service (MIVD) warned in June that Chinese hackers exploited another critical FortiOS RCE vulnerability (CVE-2022-42475) between 2022 and 2023 to breach and infect at least 20,000 FortiGate network security appliances with malware.
