H-ISAC TLP White Intelligence Report: Critical Fortinet Vulnerability (CVE-2024-23113) Under Active Exploitation

On October 9, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-23113 to its Known Exploited Vulnerabilities catalog. The security flaw affects multiple Fortinet products, including FortiOS, FortiPAM, FortiProxy, and FortiWeb.

Although Fortinet disclosed the vulnerability and released patches back in February, CISA has added it to the catalog because the agency has evidence that the flaw is being actively exploited in the wild.

The vulnerability is a remote code execution (RCE) security flaw that allows threat actors to execute arbitrary code on unpatched devices, potentially leading to complete system compromise.

Health-ISAC provides this information for situational awareness and encourages users to upgrade affected Fortinet products.

A critical vulnerability affecting multiple Fortinet products was recently added to CISA’s Known Exploited Vulnerabilities catalog, with CISA citing evidence of active exploitation by threat actors.

The vulnerability is caused by the fgfmd daemon accepting an externally controlled format string as an argument. Successful exploitation allows an unauthenticated threat actor to execute commands or arbitrary code on affected devices in low-complexity attacks without requiring user interaction.
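The defect class described above (CWE-134, externally controlled format string) is shown here as an added example, not code from Fortinet or from this report. The logger and function names are hypothetical, and the input is a constructed, harmless string.

```c
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical logger, not Fortinet code. The format attribute makes the
   compiler check the format string at every call site. */
__attribute__((format(printf, 3, 4)))
static int log_fmt(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return written;
}

/* Vulnerable pattern: bytes received from a peer become the format string,
   so any conversion directive in them is interpreted by vsnprintf.
   Compilers flag this call (-Wformat-security); the warning is silenced
   here only so the "before" case builds cleanly for the demonstration. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int log_field_vulnerable(char *out, size_t n, const char *peer_field) {
    return log_fmt(out, n, peer_field);
}
#pragma GCC diagnostic pop

/* Hardened pattern: the format is a constant; peer data is only an argument. */
int log_field_safe(char *out, size_t n, const char *peer_field) {
    return log_fmt(out, n, "%s", peer_field);
}

int main(void) {
    /* Constructed input: "%%" is the only directive and it consumes no
       arguments, so both calls are well defined. */
    const char *peer_field = "100%% done";
    char a[64], b[64];
    log_field_vulnerable(a, sizeof a, peer_field);
    log_field_safe(b, sizeof b, peer_field);
    printf("vulnerable: %s\nsafe:       %s\n", a, b);
    return 0;
}
```

Building with `-Wformat -Wformat-security -Werror=format-security` turns the vulnerable call into a compile error, which is a cheap gate for in-house code that logs network-supplied fields.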

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272