Skip to the content.

DIVD-2024-00005 - Remote code execution in FortiOS

Our reference DIVD-2024-00005
Case lead Ralph Horn
Author Max van der Horst
Researcher(s)
CVE(s)
Products
  • FortiOS SSL VPN
Versions
  • 7.4.0 through 7.4.2
  • 7.2.0 through 7.2.6
  • 7.0.0 through 7.0.13
  • 6.4.0 through 6.4.14
  • 6.2.0 through 6.2.15
  • All versions 6.0
Recommendation Update your devices to a patched version as soon as possible
Patch status Released
Workaround None
Status Open
Last modified 10 Apr 2024 21:52

Summary

Fortinet is warning that a new Remote Code Execution vulnerability in FortiOS SSL VPN is being exploited by threat actors. Fortinet advises updating to the latest version to install the patch. Failing to install the patch might lead to a threat actor completely taking over your network.

Recommendations

Fortinet urges users to upgrade to the latest version as soon as possible. If you are compromised, DIVD advises you start your incident response process immediately.

What we are doing

DIVD is currently working together with Fox IT to identify vulnerable instances and notify the owners of these systems.

Timeline

Date Description
08 Feb 2024 DIVD starts researching this vulnerability in collaboration with Fox-IT.
09 Feb 2024 DIVD sends out first round of notifications..
gantt title DIVD-2024-00005 - Remote code execution in FortiOS dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2024-00005 - Remote code execution in FortiOS (still open) :2024-02-08, 2024-06-24 section Events DIVD starts researching this vulnerability in collaboration with Fox-IT. : milestone, 2024-02-08, 0d DIVD sends out first round of notifications.. : milestone, 2024-02-09, 0d

More information