CISA warns of critical FortiOS vulnerability (CVE-2024-23113) exploited in active attacks

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning after confirming that attackers are actively exploiting a critical remote code execution (RCE) vulnerability in FortiOS. The flaw, tracked as CVE-2024-23113, affects unpatched Fortinet devices and allows a remote, unauthenticated attacker to execute arbitrary code or commands; the attack is low in complexity and requires no user interaction.

The vulnerability is a format string bug (CWE-134, use of an externally controlled format string) in the fgfmd daemon, which implements the FortiGate-to-FortiManager (FGFM) protocol: it handles authentication requests and keep-alive messages between FortiGate and FortiManager, along with other tasks such as file and database updates. A specially crafted request to the daemon is enough to trigger it. According to Fortinet's advisory (FG-IR-24-029), CVE-2024-23113 affects FortiOS 7.0 and later, FortiPAM 1.0 and later, FortiProxy 7.0 and later, and FortiWeb 7.4; for FortiOS the fixed releases are 7.0.14, 7.2.7 and 7.4.3.

Fortinet disclosed and patched the issue in February 2024, recommending as a workaround that administrators remove fgfm access from every interface (by dropping fgfm from each interface's allowaccess list) until the fixed firmware is installed. That advice was not universally followed: CISA has since confirmed that attackers are exploiting the vulnerability on devices that remain unpatched.
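As an added example (not from the article, and not Fortinet's own tooling), the following Python script audits a FortiOS configuration for the exposure the workaround addresses: it parses a `config system interface` block in the format produced by `show system interface`, lists every interface whose allowaccess still includes fgfm, and prints the CLI that removes fgfm while leaving the other services on that interface untouched. The embedded configuration is a constructed sample, not a real device dump, and the `unset allowaccess` line emitted for an interface that would otherwise be left with no services is assumed to be the appropriate way to clear the setting.

```python
import re
from typing import Dict, List, Set

# Constructed sample modelled on `show system interface` output on a
# FortiGate. Example data only, not a capture from a real device.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set vdom "root"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh fgfm
        set type physical
    next
    edit "port2"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh snmp http fgfm
    next
    edit "port3"
        set vdom "root"
        set ip 10.0.1.1 255.255.255.0
        set allowaccess ping
    next
    edit "mgmt"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh
        set dedicated-to management
    next
end
"""

_EDIT_RE = re.compile(r'^\s*edit\s+"?([^"\s]+)"?\s*$')
_ALLOW_RE = re.compile(r'^\s*set\s+allowaccess\s+(.*?)\s*$')


def parse_allowaccess(config: str) -> Dict[str, Set[str]]:
    """Map each interface name to the set of services in its allowaccess line.

    Interfaces that have no explicit `set allowaccess` line get an empty set.
    """
    services: Dict[str, Set[str]] = {}
    current = None
    for line in config.splitlines():
        m = _EDIT_RE.match(line)
        if m:
            current = m.group(1)
            services.setdefault(current, set())
            continue
        if current is None:
            continue
        m = _ALLOW_RE.match(line)
        if m:
            services[current] = set(m.group(1).split())
        elif line.strip() == "next":
            current = None
    return services


def fgfm_exposed_interfaces(config: str) -> List[str]:
    """Interfaces that still accept FGFM (fgfmd, TCP/541) connections."""
    return sorted(name for name, svcs in parse_allowaccess(config).items()
                  if "fgfm" in svcs)


def remediation_commands(config: str) -> str:
    """CLI that strips fgfm from every exposed interface, keeping other services.

    Returns an empty string when no interface exposes fgfm.
    """
    allow = parse_allowaccess(config)
    exposed = fgfm_exposed_interfaces(config)
    if not exposed:
        return ""
    lines = ["config system interface"]
    for name in exposed:
        remaining = sorted(allow[name] - {"fgfm"})
        lines.append(f'    edit "{name}"')
        if remaining:
            lines.append(f"        set allowaccess {' '.join(remaining)}")
        else:
            # Assumption: `unset` clears the attribute when nothing should remain.
            lines.append("        unset allowaccess")
        lines.append("    next")
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    exposed = fgfm_exposed_interfaces(SAMPLE_CONFIG)
    print("Interfaces exposing fgfm:", ", ".join(exposed) or "none")
    if exposed:
        print("\nSuggested remediation CLI:\n")
        print(remediation_commands(SAMPLE_CONFIG))
```

Run the check against every VDOM's interface configuration, not only the management VDOM, since fgfmd listens on any interface that lists fgfm. Removing fgfm prevents FortiManager-initiated discovery of the FortiGate, although a FortiGate-initiated management connection still works; where FortiManager discovery is required, restricting TCP/541 to the FortiManager address with a local-in policy is the narrower alternative. Either measure reduces exposure but does not replace upgrading to a fixed release.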

In response, CISA has added CVE-2024-23113 to its Known Exploited Vulnerabilities (KEV) catalogue and, under Binding Operational Directive (BOD) 22-01, requires U.S. federal civilian agencies to patch their FortiOS devices within three weeks, by October 30th. BOD 22-01, issued in November 2021, obliges agencies to remediate every vulnerability in the catalogue by its due date as a measure to strengthen the security of federal networks.

“These types of vulnerabilities are common attack vectors for malicious cyber actors and pose significant risks to federal infrastructure,” warned CISA in their statement.

The active exploitation of CVE-2024-23113 makes patching urgent for every organization running Fortinet devices, not only federal agencies. Administrators should upgrade to a fixed release and, where that cannot happen immediately, remove fgfm access from exposed interfaces; devices that were reachable while unpatched should also be treated as possibly compromised until reviewed.
