An important security vulnerability (CVE-2024-23113) has been discovered in several Fortinet products, including FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager. The vulnerability affects specific versions of these products, allowing an attacker to compromise the system through specially crafted input. This vulnerability was reported by security researchers and is considered critical as it can allow for remote code execution or complete system compromise.
| Product | Fortinet FortiPAM, Fortinet FortiProxy, Fortinet FortiSwitchManager, Fortinet FortiOS |
| Date | 2024-10-11 17:11:08 |
| Information |
|
Technical Summary
A severe security vulnerability (CVE-2024-23113) has been discovered in several Fortinet products, including FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager. The vulnerability affects specific versions of these products, allowing attackers to exploit the system through specially crafted input. This flaw was reported by security researchers and is considered critical due to its ability to facilitate remote code execution or system compromise.
Recommendations
- Immediately update to the latest available versions of the affected Fortinet products:
- FortiOS: upgrade to versions 7.0.14, 7.2.7, 7.4.3, or later.
- FortiProxy: upgrade to versions 7.0.15, 7.2.9, 7.4.3, or later.
- FortiPAM: upgrade to versions 1.1.3, 1.2.1, or later.
- FortiSwitchManager: upgrade to versions 7.0.4, 7.2.4, or later.
- Restrict network access to trusted IP addresses and reduce the exposure of management interfaces.
[Callforaction-THREAT-Footer]
