Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
WARNING: VULNERABILITIES IN FORTINET'S FORTIEXTENDER AND FORTIAIOPS SOFTWARE COULD LEAD TO PRIVILEGE ESCALATION AND SENSITIVE INFORMATION DISCLOSURE, PATCH IMMEDIATELY!
Image
Published : 10/07/2024
Reference:
Advisory #2024-105
Version:
1.0
Affected software:
Fortinet FortiAIOps
Fortinet FortiExtender
Type:
Improper access control (FortiExtender) and API endpoint (FortiAIOps) vulnerabilities
CVE/CVSS:
CVE-2024-23663: 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (FortiExtender)CVE-2024-27784: 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (FortiAIOps)
Sources
FortiGuard Labs: https://www.fortiguard.com/psirt/FG-IR-23-459 (FortiExtender)
FortiGuard Labs: https://fortiguard.fortinet.com/psirt/FG-IR-24-072 (FortiAIOps)
Risks
Fortinet FortiExtender is a 3G/4G LTE and 5G wireless WAN extender. An improper access control vulnerability (CVE-2024-23663) exists in its software versions 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 creating a risk of privilege escalation.
Fortinet FortiAIOps is an artificial intelligence with machine learning (AI/ML) solution for Fortinet networks. An internally discovered vulnerability (CVE-2024-27784) exists in the API endpoint of its software version 2.0.0 creating a risk of unauthorised information disclosure.
No information is available that the vulnerabilities would be actively exploited. In both instances, exploits could have a high impact on confidentiality, integrity and availability. Patches are available on the vendor's website.
Description
In the case of CVE-2024-23663 (Fortinet FortiExtender), a remote authenticated attacker would be able to create users with elevated privileges via a crafted HTTP request.
In the case of CVE-2024-27784 (Fortinet FortiAIOps), an authenticated attacker would be able to retrieve sensitive information from the API endpoint or logs.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Upgrade FortiExtender to respectively 7.4.3, 7.2.5 or 7.0.5 or higher to mitigate the vulnerability. Upgrade FortiAIOps to 2.0.1 or above to mitigate the vulnerability.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
FortiGuard Labs: https://www.fortiguard.com/psirt/FG-IR-23-459 (FortiExtender)
FortiGuard Labs: https://fortiguard.fortinet.com/psirt/FG-IR-24-072 (FortiAIOps)