CERT-In Vulnerability Note
CIVN-2024-0192
Multiple Vulnerabilities in Fortinet Products
Original Issue Date: June 18, 2024
Severity Rating: HIGH
Software Affected
- FortiOS 7.4.0 through 7.4.3
- FortiOS 7.2.0 through 7.2.7
- FortiOS 7.0.0 through 7.0.14
- FortiOS 6.4 all versions
- FortiOS 6.2 all versions
- FortiOS 6.0 all versions
- FortiPAM 1.3 Not affected
- FortiPAM 1.2 all versions
- FortiPAM 1.1 all versions
- FortiPAM 1.0 all versions
- FortiProxy versions 7.4.0 through 7.4.3
- FortiProxy versions 7.2.0 through 7.2.9
- FortiProxy versions 7.0.0 through 7.0.16
- FortiProxy 2.0 all versions
- FortiProxy 1.2 all versions
- FortiProxy 1.1 all versions
- FortiProxy 1.0 all versions
- FortiSwitchManager 7.2.0 through 7.2.3
- FortiSwitchManager 7.0.1 through 7.0.3
- FortiClientLinux 7.4.0
- FortiClientLinux 7.2.0 through 7.2.4
- FortiClientLinux 7.0 all versions
- FortiClientLinux 6.4 all versions
- FortiClientMac 7.4.0
- FortiClientMac 7.2.0 through 7.2.4
- FortiClientMac 7.0 all versions
- FortiClientMac 6.4 all versions
- FortiClientWindows 7.4.0
- FortiClientWindows 7.2.0 through 7.2.4
- FortiClientWindows 7.0 all versions
- FortiClientWindows 6.4 all versions
- FortiOS 7.4.0 through 7.4.2
- FortiOS 7.2.0 through 7.2.6
- FortiOS 7.0.0 through 7.0.13
- FortiOS 6.4.0 through 6.4.14
- FortiOS 6.2.0 through 6.2.15
Overview
Multiple vulnerabilities have been reported in Fortinet products which could be exploited by an attacker to perform Man-in-the-Middle attacks, execute arbitrary code, and may result in complete compromise of the vulnerable system.
Description
1. Stack-based buffer overflow vulnerability (CVE-2024-23110)
This vulnerability exists due to a boundary error within the diag npu command. An attacker could exploit this vulnerability by sending specially crafted packets reaching the fgfmd daemon on the targeted system. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code and may result in complete compromise of the vulnerable system.
2. Tunnel Vision vulnerability (CVE-2024-3661)
This vulnerability exists due to the way the VPN client handles routes advertised by the DHCP server. A remote attacker with access to the local network can route the victim's traffic to a malicious server instead of sending it via a secured channel. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to bypass the use of protected VPN tunnels and reroute VPN traffic by setting routes more specific than the VPN's in the target's routing table, thereby allowing the attacker to perform a Man-in-the-Middle (MitM) attack.
3. Stack-based buffer overflow vulnerability (CVE-2024-26010)
This vulnerability exists due to a boundary error when processing specially crafted packets within the fgfmd daemon. An attacker could exploit this vulnerability by sending specially crafted packets and trigger a stack-based buffer overflow on the targeted system. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code and may result in complete compromise of the vulnerable system.
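A detection check for the condition described under item 2 (CVE-2024-3661), added here as an example and not part of the CERT-In note or any Fortinet tooling: it parses Linux `ip -4 route show` output and lists routes that are more specific than the VPN's and leave through a non-VPN interface. The interface name tun0, the addresses and the sample routing table are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ip -4 route show` output on a Linux VPN client.
# Interface names and addresses are assumptions for illustration.
SAMPLE_ROUTES = """\
0.0.0.0/1 dev tun0 scope link
128.0.0.0/1 dev tun0 scope link
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0
8.0.0.0/8 via 192.168.1.66 dev eth0 proto dhcp metric 100
10.20.0.0/16 via 192.168.1.66 dev eth0 proto dhcp metric 100
"""


def parse_routes(text):
    """Return (network, device, protocol) for each unicast route line."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if "dev" not in tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # "unreachable", "blackhole" and similar entries
        dev = tok[tok.index("dev") + 1]
        proto = tok[tok.index("proto") + 1] if "proto" in tok else None
        routes.append((net, dev, proto))
    return routes


def find_bypass_routes(text, vpn_if, vpn_server=None):
    """List routes that pull traffic out of the tunnel by being more specific."""
    routes = parse_routes(text)
    vpn_nets = [net for net, dev, _ in routes if dev == vpn_if]
    endpoint = ipaddress.ip_network(vpn_server) if vpn_server else None
    flagged = []
    for net, dev, proto in routes:
        if dev == vpn_if or proto == "kernel" or net == endpoint:
            continue  # tunnel route, connected subnet, or VPN endpoint host route
        if any(net.prefixlen > v.prefixlen and net.subnet_of(v) for v in vpn_nets):
            flagged.append(str(net))
    return flagged


if __name__ == "__main__":
    for prefix in find_bypass_routes(SAMPLE_ROUTES, "tun0", "203.0.113.10"):
        print("route more specific than the VPN's, outside the tunnel:", prefix)
```

Connected subnets (proto kernel) and the host route to the VPN server are expected to sit outside the tunnel, so the check skips them; anything else it reports should be traced back to the DHCP lease that installed it.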
Solution
Apply appropriate updates as mentioned in Fortinet advisories:
https://www.fortiguard.com/psirt/FG-IR-24-036
https://www.fortiguard.com/psirt/FG-IR-24-170
https://www.fortiguard.com/psirt/FG-IR-23-460
Vendor Information
Fortinet PSIRT
https://www.fortiguard.com/psirt/FG-IR-24-036
https://www.fortiguard.com/psirt/FG-IR-24-170
https://www.fortiguard.com/psirt/FG-IR-23-460
References
Fortinet PSIRT
https://fortiguard.fortinet.com/psirt
CVE Name
CVE-2024-23110
CVE-2024-3661
CVE-2024-26010
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-22902657
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India