Fortinet has recently addressed critical remote code execution (RCE) vulnerabilities in multiple products, including FortiClient Enterprise Management Server (EMS) and FortiOS [1].

Description

One of the identified vulnerabilities, CVE-2024-48788 [1] [2], has a severity rating of 9.3 out of 10 and allows unauthenticated attackers to execute arbitrary code and commands with system admin privileges. This flaw poses a significant risk to affected systems and organizations are advised to upgrade to the latest patched versions to mitigate the threat. The vulnerability was discovered by researchers from Fortinet’s development team and the United Kingdom’s National Cyber Security Center (NCSC) [1]. Additionally, Fortinet devices have been targeted by attackers in the past [1], with previous notable vulnerabilities observed since 2019 [1]. The US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have issued warnings about Fortinet vulnerabilities exploited by nation-state threat actors [1]. Researchers at Horizon3.ai have disclosed details on 16 flaws affecting Fortinet’s Wireless LAN Manager (WLM) and FortiSIEM technologies [1], with most vulnerabilities already patched. However, two vulnerabilities [1] [2], including an unauthenticated limited log file read bug and a static session ID vulnerability [1], remain unpatched [1].

Conclusion

The critical RCE vulnerabilities in Fortinet products pose a serious threat to system security. Organizations should promptly update to the latest patched versions to protect against potential attacks. The collaboration between Fortinet’s development team, NCSC, and other security agencies highlights the importance of proactive vulnerability management in the face of evolving cyber threats.

References

[1] https://www.darkreading.com/vulnerabilities-threats/fortinet-warns-of-yet-another-critical-rce-flaw
[2] https://www.lansweeper.com/blog/vulnerability/fortinet-fixes-3-code-execution-vulnerabilities-in-multiple-products/