DIVD-2024-00005 - Remote code execution in FortiOS
| Our reference | DIVD-2024-00005 |
| Case lead | Ralph Horn |
| Author | Max van der Horst |
| Researcher(s) |
|
| CVE(s) | |
| Products |
|
| Versions |
|
| Recommendation | Update your devices to a patched version as soon as possible |
| Patch status | Released |
| Workaround | None |
| Status | Closed |
| Last modified | 04 Jul 2024 10:33 CEST |
Summary
Fortinet is warning that a new Remote Code Execution vulnerability in FortiOS SSL VPN is being exploited by threat actors. Fortinet advises updating to the latest version to install the patch. Failing to install the patch might lead to a threat actor completely taking over your network.
Recommendations
Fortinet urges users to upgrade to the latest version as soon as possible. If you are compromised, DIVD advises you start your incident response process immediately.
What we are doing
DIVD is currently working together with Fox IT to identify vulnerable instances and notify the owners of these systems.
Timeline
| Date | Description |
|---|---|
| 08 Feb 2024 | DIVD starts researching this vulnerability in collaboration with Fox-IT. |
| 09 Feb 2024 | DIVD sends out first round of notifications. |
| 15 Feb 2024 | DIVD closes the case. |
gantt
title DIVD-2024-00005 - Remote code execution in FortiOS
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
section Case
DIVD-2024-00005 - Remote code execution in FortiOS (7 days) :2024-02-08, 2024-02-15
section Events
DIVD starts researching this vulnerability in collaboration with Fox-IT. : milestone, 2024-02-08, 0d
DIVD sends out first round of notifications. : milestone, 2024-02-09, 0d
DIVD closes the case. : milestone, 2024-02-15, 0d