Fortinet addressed multiple vulnerabilities in FortiOS and other products, including some code execution flaws.
The company states that multiple stack-based buffer overflow vulnerabilities in the command line interpreter of FortiOS [CWE-121], collectively tracked as CVE-2024-23110 (CVSS score of 7.4), can be exploited by an authenticated attacker to achieve code or command execution via specially crafted command line arguments
“Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the command line interpreter of FortiOS may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments” reads the published by the company.
Gwendal Guégniaud of Fortinet Product Security team discovered the vulnerabilities.
The flaws impact the following versions of the Fortinet FortiOS :
Version | Affected | Solution |
---|---|---|
FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
FortiOS 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
FortiOS 6.2 | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above |
FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |
The company also addressed the following medium-severity issues:
The company also fixed a low-severity issue tracked as .
The company did not reveal if one of the above issues was actively exploited in the wild.
Follow me on Twitter: and and Mastodon
(SecurityAffairs – hacking, Fortinet FortiOS)