Fortinet Fixes Critical Remote Code Flaw

Fortinet has patched a critical remote code execution vulnerability in its Secure Sockets Layer network protocol that could give adversaries access to networks.

See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm

The vulnerability affects all versions of Fortigate firewalls, and specifically the Secure Sockets Layer VPN functionalities that allow individual users to access an organization’s network. It can be exploited without credentials and can bypass multifactor authentication, according to French cybersecurity firm Olympe Cyberdefense, which uncovered the flaw on Friday.

Olympe said a CVE for the vulnerability will be released on Tuesday.

Following the disclosure, Fortinet on Friday rolled out patches to firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5. The company has not publicly acknowledged the vulnerability, but in a statement to Information Security Media Group it said that it had alerted customers confidentially prior to release of the advisory.

Security researchers and developer communities said the patches released Friday by the company also contain fixes for the new RCE flaw.

No attacks exploiting this vulnerability have been reported. It is the second flaw reported by Fortinet this year. In January, a suspected Chinese government-backed group exploited a Fortinet VPN vulnerability tracked as CVE-2022-42475 to deliver a Linux backdoor malware variant (see: Fortinet VPN Flaw Shows Pitfalls of Security Appliances).

Security firm Mandiant, which uncovered the Chinese campaign, said nation-state actors are more actively exploiting vulnerabilities in security appliances such as Fortigate because of the difficulty in detecting malicious activity.

Due to the severity of the latest flaw, cybersecurity agencies in Australia, China and Israel on Monday released separate alerts requesting Fortinet users to patch the vulnerability immediately.