CVE-2024-23113
FortiOS vulnerability analysis and mitigation

Overview

A critical format string vulnerability (CVE-2024-23113) was discovered in Fortinet's fgfmd daemon, affecting multiple products. The vulnerability was discovered internally by Gwendal Guégniaud of the Fortinet Product Security team and disclosed on February 8, 2024. The affected products include FortiOS (versions 7.4.0-7.4.2, 7.2.0-7.2.6, 7.0.0-7.0.13), FortiProxy (versions 7.4.0-7.4.2, 7.2.0-7.2.8, 7.0.0-7.0.14), FortiPAM (versions 1.2.0, 1.1.0-1.1.2, 1.0.0-1.0.3), and FortiSwitchManager (versions 7.2.0-7.2.3, 7.0.0-7.0.3). The vulnerability has been assigned a CVSS v3.1 score of 9.8 (Critical) (Fortinet Advisory).

Technical details

The vulnerability (CWE-134) is a use of an externally-controlled format string in the FortiOS fgfmd daemon, which allows remote unauthenticated attackers to execute arbitrary code or commands via specially crafted requests. It specifically affects the FGFM (FortiGate to FortiManager) protocol, which runs over an SSL connection on TCP port 541 and is used for central administration and high-availability failover. The exploitation complexity varies by version: some versions require valid certificates, while others accept self-signed certificates (WatchTowr Analysis).

Impact

If successfully exploited, the vulnerability allows attackers to execute unauthorized code or commands on affected systems. The severity is particularly high due to its unauthenticated nature and the critical role these devices play in network infrastructure. The impact varies across different versions, with some configurations being more susceptible to exploitation than others (Fortinet Advisory).

Mitigation and workarounds

Fortinet recommends upgrading to the latest patched versions: FortiOS 7.4.3 or above, 7.2.7 or above, or 7.0.14 or above. For those unable to update immediately, a temporary workaround involves removing fgfm access on each interface by modifying the interface configuration. However, this will prevent FortiGate discovery from FortiManager. While implementing a local-in policy that restricts FGFM connections to specific IPs can reduce the attack surface, it should not be considered a complete solution (Fortinet Advisory).
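The two checks implied by this guidance can be scripted against a device inventory. The following is an added example, not code from Fortinet or from the original page: it tests a FortiOS version string against the affected ranges listed above and lists the interfaces in a configuration backup that still allow fgfm. The function names and the sample configuration are constructed for illustration, and the parser assumes the standard FortiOS CLI layout (`config system interface`, `edit`, `set allowaccess`).

```python
import re

# FortiOS ranges listed as affected on this page: (major, minor) -> (first, last) patch.
FORTIOS_AFFECTED = {(7, 4): (0, 2), (7, 2): (0, 6), (7, 0): (0, 13)}

def fortios_affected(version):
    """True if a FortiOS version string (e.g. 'v7.2.5 build1517') is in a listed range."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = map(int, m.groups())
    rng = FORTIOS_AFFECTED.get((major, minor))
    return rng is not None and rng[0] <= patch <= rng[1]

def interfaces_allowing_fgfm(config_text):
    """Names of interfaces whose 'set allowaccess' line includes fgfm."""
    exposed, stack, name = [], [], None
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "config":
            stack.append(" ".join(tokens[1:]))   # track nesting, e.g. 'config ipv6'
        elif tokens[0] == "end" and stack:
            stack.pop()
        elif stack == ["system interface"]:      # only the top level of the interface table
            if tokens[0] == "edit":
                name = raw.strip()[4:].strip().strip('"')
            elif tokens[:2] == ["set", "allowaccess"] and "fgfm" in tokens[2:]:
                exposed.append(name)
    return exposed

# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = '''
config system interface
    edit "port1"
        set vdom "root"
        set allowaccess ping https ssh fgfm
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "port2"
        set allowaccess ping https
    next
end
'''

if __name__ == "__main__":
    print("7.2.6 affected:", fortios_affected("7.2.6"))
    print("interfaces allowing fgfm:", interfaces_allowing_fgfm(SAMPLE_CONFIG))
```

An interface reported by the second function on a version flagged by the first is where the workaround described above applies until the upgrade is in place.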

Community reactions

The vulnerability has gained significant attention in the cybersecurity community, particularly after being added to CISA's Known Exploited Vulnerabilities Catalog on October 9, 2024, with a remediation date of October 30, 2024. Security researchers have noted the complexity of the vulnerability and its varying impact across different versions of affected products (Arctic Wolf).

This report was generated using AI.