FortiOS Vulnerability Let Attackers Execute Unauthorized Commands
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Fortinet has disclosed multiple stack-based buffer overflow vulnerabilities (CVE-2024-23110) in FortiOS’s command line interpreter.
These vulnerabilities could allow authenticated attackers to execute unauthorized code or commands. Gwendal Guégniaud of the Fortinet Product Security team discovered and reported these vulnerabilities.
Affected Versions and Solutions
The vulnerabilities affect several versions of FortiOS. Fortinet has provided the following guidance for affected users:
Fortinet recommends using its upgrade path tool to ensure a smooth transition to the fixed versions. The tool can be accessed at Fortinet’s Upgrade Path Tool.
The vulnerabilities are due to improper handling of command-line arguments in the FortiOS command-line interpreter.
An attacker with authenticated access could exploit these vulnerabilities by sending specially crafted command-line arguments, which could lead to the execution of unauthorized code or commands.
Mitigation and Recommendations
Fortinet advises all users of affected FortiOS versions to upgrade to the recommended versions as soon as possible to mitigate the risk of exploitation.
Users should also follow best practices for network security, including limiting access to the command line interface to trusted users and monitoring for unusual activity.
Using theUpgrade PathTool
VerifyYour FortiOS Version
Log into your FortiGate device to check the current FortiOS version.
Usingthe GUI:
#Cyber_Security_News #Vulnerability #cyber_security_news #FortiOS #vulnerability
Оригинальная версия на сайте:
FortiOS Vulnerability Let Attackers Execute Unauthorized Commands
Author: Guru BaranFortinet has disclosed multiple stack-based buffer overflow vulnerabilities (CVE-2024-23110) in FortiOS’s command line interpreter.
These vulnerabilities could allow authenticated attackers to execute unauthorized code or commands. Gwendal Guégniaud of the Fortinet Product Security team discovered and reported these vulnerabilities.
Affected Versions and Solutions
The vulnerabilities affect several versions of FortiOS. Fortinet has provided the following guidance for affected users:
- FortiOS 7.4 : Versions 7.4.0 through 7.4.2 are affected. Users should upgrade to version 7.4.3 or above.
- FortiOS 7.2 : Versions 7.2.0 through 7.2.6 are affected. Users should upgrade to version 7.2.7 or above.
- FortiOS 7.0 : Versions 7.0.0 through 7.0.13 are affected. Users should upgrade to version 7.0.14 or above.
- FortiOS 6.4 : Versions 6.4.0 through 6.4.14 are affected. Users should upgrade to version 6.4.15 or above.
- FortiOS 6.2 : Versions 6.2.0 through 6.2.15 are affected. Users should upgrade to version 6.2.16 or above.
- FortiOS 6.0 : All versions are affected. Users should migrate to a fixed release.
Fortinet recommends using its upgrade path tool to ensure a smooth transition to the fixed versions. The tool can be accessed at Fortinet’s Upgrade Path Tool.
The vulnerabilities are due to improper handling of command-line arguments in the FortiOS command-line interpreter.
An attacker with authenticated access could exploit these vulnerabilities by sending specially crafted command-line arguments, which could lead to the execution of unauthorized code or commands.
Mitigation and Recommendations
Fortinet advises all users of affected FortiOS versions to upgrade to the recommended versions as soon as possible to mitigate the risk of exploitation.
Users should also follow best practices for network security, including limiting access to the command line interface to trusted users and monitoring for unusual activity.
Using theUpgrade PathTool
- Access the Upgrade Path Tool : Visit Fortinet’s Upgrade Path Tool.
- Select Product and Versions : Choose your current FortiGate product, current FortiOS version, and the target FortiOS version.
- Follow Recommended Path : The tool will provide a recommended upgrade path. Download all intermediate firmware versions if necessary.
VerifyYour FortiOS Version
Log into your FortiGate device to check the current FortiOS version.
Usingthe GUI:
- Log into the FortiGate web interface.
- Go to Dashboard > System Information .
- Check the Firmware Version field to see the current version of FortiOS.
#Cyber_Security_News #Vulnerability #cyber_security_news #FortiOS #vulnerability
Оригинальная версия на сайте:
