FortiClient and FortiOS are affected by high severity vulnerabilities

Threat ID:CC-4574

Threat Severity:Medium

Published:13 November 2024 3:34 PM

Summary

Affected platforms

The following platforms are known to be affected:

Fortinet FortiOS

Fortinet FortiClient

The following platforms are also known to be affected:

Please review the Fortinet Security Advisories website for a full list of affected products.

Threat details

Introduction

Fortinet has released 18 security advisories to address a range of security vulnerabilities in multiple products.

Three of the advisories address two high severity vulnerabilities in FortiClient for Windows and one high severity vulnerability in FortiOS affecting SSLVPN sessions. FortiClient and FortiOS provide an endpoint detection and response (EDR) solution, a virtual private network (VPN) solution, and other security functionality.

In addition to the three vulnerabilities highlighted below, full details for other affected products can be found at the Fortinet Security Advisories website.

Vulnerability Details

CVE-2023-50176 is a 'session fixation' vulnerability in FortiOS with a CVSSv3 score of 7.1. If exploited, a remote, unauthenticated attacker could hijack a SSLVPN session or execute arbitrary code via a phishing SAML authentication link.

CVE-2024-47574 is an 'authentication bypass' vulnerability in FortiClientWindows with a CVSSv3 score of 7.4. If exploited, an authenticated attacker could execute arbitrary code with high privilege on an affected device.

CVE-2024-36513 is a 'privilege context switching error' vulnerability in FortiClientWindows with a CVSSv3 score of 7.4. If exploited, an authenticated attacker could perform privilege escalation using Lua 'auto patch' scripts.

Proof-of-concept details for CVE-2024-47574 published

Public proof-of-concept details have been released, describing how to exploit authentication bypass vulnerability CVE-2024-47574. Fortinet products have been frequently targeted by attackers in the wild within days of release of proof-of-concept details.

Threat updates


20 Nov 2024	Proof-of-concept released for CVE-2024-47574

Remediation advice

Affected organisations are encouraged to review the details for the high severity vulnerabilities below and apply the relevant updates as soon as practicable. All other vulnerabilities addressed by Fortinet can be found on the Fortinet Security Advisories page.

NOTE: Fortinet recommends using their Upgrade Path Tool to see the recommended upgrade path for a particular Fortinet product.

Remediation steps


Patch	FortiOS - SSLVPN session hijacking using SAML authentication (High) https://www.fortiguard.com/psirt/FG-IR-23-475
Patch	FortiClientWindows - Named Pipes Improper Access Control (High) https://www.fortiguard.com/psirt/FG-IR-24-199
Patch	FortiClientWindows - Privilege escalation via lua auto patch function (High) https://www.fortiguard.com/psirt/FG-IR-24-144

Definitive source of threat updates

https://fortiguard.fortinet.com/psirt

CVE Vulnerabilities

StatusPublished

CVE-2024-47574A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.

StatusPublished

CVE-2024-36513A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

StatusPublished

CVE-2023-50176A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link.

Last edited: 20 November 2024 4:35 pm