Multiple flaws in Fortinet FortiOS fixed

Pierluigi Paganini
June 13, 2024

Fortinet has rolled out security patches to resolve multiple vulnerabilities in FortiOS and other products, including a significant code execution issue.

The vendor has pointed out that a series of stack-based buffer overflow vulnerabilities in the FortiOS command-line interpreter [CWE-121], collectively identified as CVE-2024-23110 (CVSS score 7.4), can be leveraged by an authenticated attacker to achieve code or command execution through specifically crafted command line arguments.

As stated in the company’s advisory, “Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the FortiOS command-line interpreter may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.”

The vulnerabilities were discovered by Gwendal Guégniaud of Fortinet’s Product Security team.

The affected versions of Fortinet FortiOS are as follows:

Version        Affected                  Solution
FortiOS 7.4    7.4.0 through 7.4.2       Upgrade to 7.4.3 or higher
FortiOS 7.2    7.2.0 through 7.2.6       Upgrade to 7.2.7 or higher
FortiOS 7.0    7.0.0 through 7.0.13      Upgrade to 7.0.14 or higher
FortiOS 6.4    6.4.0 through 6.4.14      Upgrade to 6.4.15 or higher
FortiOS 6.2    6.2.0 through 6.2.15      Upgrade to 6.2.16 or higher
FortiOS 6.0    all versions of 6.0       Migrate to a patched release
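The affected-version table can be turned into a quick check against a device inventory, so that each firewall is mapped to the upgrade path Fortinet lists for CVE-2024-23110. This is an added example, not code from the article or from Fortinet; the hostnames and version strings in the sample inventory are constructed.

```python
"""Triage FortiOS versions against the CVE-2024-23110 affected-version table."""
import re

# Inclusive affected ranges per branch and the fixed release to move to,
# transcribed from the advisory table above. Branch 6.0 has no fixed build.
AFFECTED = {
    (7, 4): ((7, 4, 0), (7, 4, 2), "7.4.3"),
    (7, 2): ((7, 2, 0), (7, 2, 6), "7.2.7"),
    (7, 0): ((7, 0, 0), (7, 0, 13), "7.0.14"),
    (6, 4): ((6, 4, 0), (6, 4, 14), "6.4.15"),
    (6, 2): ((6, 2, 0), (6, 2, 15), "6.2.16"),
}
EOL_BRANCHES = {(6, 0)}  # every release affected, migration required

# Accepts "7.4.2", "v7.4.2" or "v7.4.2,build1234"; only major.minor.patch is used.
_VER_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(version: str) -> dict:
    """Return affected=True/False, or None when the branch is not in the table."""
    v = parse_version(version)
    branch = v[:2]
    if branch in EOL_BRANCHES:
        return {"version": version, "affected": True, "action": "Migrate to a patched release"}
    entry = AFFECTED.get(branch)
    if entry is None:
        return {"version": version, "affected": None, "action": "Branch not listed in advisory; verify manually"}
    low, high, fixed = entry
    if low <= v <= high:
        return {"version": version, "affected": True, "action": f"Upgrade to {fixed} or higher"}
    return {"version": version, "affected": False, "action": "Not affected by CVE-2024-23110"}


# Constructed sample inventory (hostname,version); not real devices.
SAMPLE_INVENTORY = "fw-edge-01,v7.4.2\nfw-edge-02,v7.4.3\nfw-branch-07,v7.0.13\nfw-lab-old,v6.0.17\nfw-dc-03,v7.6.0\n"


def triage_inventory(csv_text: str) -> list:
    results = []
    for line in csv_text.splitlines():
        if line.strip():
            host, ver = line.split(",", 1)
            results.append({"host": host.strip(), **assess(ver)})
    return results


if __name__ == "__main__":
    for r in triage_inventory(SAMPLE_INVENTORY):
        print(f"{r['host']:14} {r['version']:8} affected={str(r['affected']):5} {r['action']}")
```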

The company has also tackled the following issues of medium severity:

  • CVE-2024-26010 – A stack-based overflow vulnerability [CWE-124] in FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager could permit a remote attacker to execute arbitrary code or commands by sending crafted packets to the fgfmd daemon. However, the exploitability of this vulnerability depends on specific conditions that are not under the attacker’s control.
  • CVE-2024-23111 – A cross-site scripting vulnerability [CWE-79] in the reboot page of FortiOS and FortiProxy could enable a remote attacker with super-admin access to run JavaScript code through specially crafted HTTP GET requests.
  • CVE-2023-46720 – Multiple stack-based buffer overflow vulnerabilities [CWE-121] in FortiOS could allow an authenticated attacker to execute arbitrary code using specially crafted CLI commands.

The company has also resolved a low-severity problem identified as CVE-2024-21754.

The company has not disclosed whether any of the above issues were actively exploited in the wild.

Pierluigi Paganini

Connect with me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Fortinet FortiOS)
