October 10, 2024: CISA has recently added CVE-2024-23113, a critical remote code execution vulnerability in Fortinet products that is actively being exploited, to its catalog of Known Exploited Vulnerabilities.
This flaw impacts FortiOS 7.0 and later, FortiPAM 1.0 and higher, FortiProxy 7.0 and above, and FortiWeb 7.4 and carries a CVSS score of 9.8/10.
Federal Civilian Executive Branch agencies are mandated to apply the patch and vendor-provided mitigations by October 30, 2024.
Mitigation
Fortinet disclosed and patched this flaw back in February of 2024, advising administrators to remove access to the fgfmd daemon for all interfaces as a mitigation measure designed to block potential attacks.
For each interface, administrators should remove fgfm access as a workaround. Treat this as a mitigation only, not as a complete workaround.
For recommended upgrade paths, Fortinet has provided this tool.
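To confirm that the workaround was applied on every interface, a configuration backup can be checked offline. The Python script below is an added example, not Fortinet's or SecuLore's code; it assumes the usual FortiOS CLI layout (`config system interface`, `edit`, `set allowaccess`), uses a constructed sample configuration, and goes slightly beyond the text by also reporting the IPv6 `ip6-allowaccess` setting.

```python
import shlex

# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set allowaccess ping https fgfm
        config ipv6
            set ip6-allowaccess ping fgfm
        end
    next
    edit "internal"
        set allowaccess ping https ssh
    next
    edit "mgmt"
        set allowaccess ping fgfm ssh
    next
end
"""

ACCESS_KEYS = ("allowaccess", "ip6-allowaccess")  # IPv6 key: added assumption


def interfaces_with_fgfm(config_text):
    """Map each interface to the access settings that still list fgfm."""
    findings, stack, iface = {}, [], None
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw) or [""]
        except ValueError:  # unbalanced quotes, e.g. multi-line certificate values
            continue
        kw = tokens[0]
        if kw == "config":
            stack.append(" ".join(tokens[1:]))   # open a nested config block
        elif kw == "end" and stack:
            stack.pop()                          # close the innermost block
        elif "system interface" in stack:
            # depth 1 means we are directly inside "config system interface"
            depth = len(stack) - stack.index("system interface")
            if kw == "edit" and depth == 1 and len(tokens) > 1:
                iface = tokens[1]
            elif kw == "next" and depth == 1:
                iface = None
            elif kw == "set" and iface and len(tokens) > 2 and tokens[1] in ACCESS_KEYS:
                if "fgfm" in tokens[2:]:
                    findings.setdefault(iface, []).append(tokens[1])
    return findings

if __name__ == "__main__":
    print(interfaces_with_fgfm(SAMPLE_CONFIG))
```

An empty result means no interface in the backup still lists fgfm; upgrading to a fixed release is still required.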
Solutions
If you are concerned about this flaw impacting your network, contact SecuLore for more information to get started with a monitoring option to detect malicious traffic attempting to exploit vulnerabilities on your network.
SecuLore CyberSight™ provides management of your attack surface and monitoring through our patented technology to detect vulnerabilities in your network and detect anomalous behavior. The technology passively captures all traffic on your network to identify threats that are often missed by other layers of security. The packet captures are sent to our Security Operations Center to be processed via a unique behavioral analysis that is constantly reviewed by our team of CEH (Certified Ethical Hackers).
Stay cyber-safe,
SecuLore Support Team
Cyber-Protecting Our Nation’s Critical Infrastructure
At SecuLore, our mission is to cyber-protect our nation’s critical infrastructure. Led by experts in 9-1-1 technology, cyberwarfare, and ethical hacking, our team provides the technology, expertise, and training needed to defend customers from increasingly sophisticated cyber threats.