Fortinet on Tuesday announced patches for multiple vulnerabilities in FortiOS and other products, including several flaws leading to code execution.
The most severe of the issues is CVE-2024-23110 (CVSS score of 7.4), which collectively tracks multiple stack-based buffer overflow security defects in the platform’s command line interpreter.
Successful exploitation of the high-severity flaw, Fortinet explains, “may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.”
The bug impacts FortiOS versions 6.x and 7.x and was addressed with the release of FortiOS 6.2.16, 6.4.15, 7.0.14, 7.2.7, and 7.4.3.
Another medium-severity stack-based overflow vulnerability, tracked as CVE-2024-26010 and impacting FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager, can be exploited by remote attackers to execute arbitrary code or commands if specific conditions are met.
On Tuesday, Fortinet also warned of multiple medium-severity stack-based buffer overflow vulnerabilities (collectively tracked as CVE-2023-46720) in FortiOS that could be exploited for arbitrary code execution via crafted CLI commands.
FortiOS versions 7.2.8 and 7.4.4 contain fixes for the bug. Customers using previous iterations of the platform are advised to upgrade to a fixed release.
Fortinet also addressed two medium-severity issues that impact both FortiOS and FortiProxy and which could allow attackers to execute JavaScript code or decrypt backup files.
Security updates Fortinet released this week also address two SQL injection flaws, one in FortiPortal, leading to information disclosure, and another in FortiSOAR Event Auth API, leading to code or command execution.
On Tuesday, Fortinet also acknowledged that some of its products are affected by the recently disclosed TunnelVision attack (CVE-2024-3661) that allows attackers to use built-in features of DHCP to bypass VPN protections and snoop on victims’ traffic.
According to Fortinet’s advisory, users of FortiClientWindows (SSL-VPN) can mitigate the attack by using ‘Full-Tunnel’ with ‘exclusive-routing’ enabled. Fixes for the bug will be included in future versions of FortiClientWindows (IPsec VPN), FortiClientMac, and FortiClientLinux.
Fortinet makes no mention of any of these vulnerabilities being exploited in attacks but threat actors are known to have exploited flaws in Fortinet products for which patches had been released.
Related: Fortinet Patches Critical RCE Vulnerability in FortiClientLinux
Related: Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks
Related: Fortinet Patches Critical Vulnerabilities Leading to Code Execution