
Urgent: Fortinet Products Affected by Severe Security Flaws

  • Writer: Guy Halfon
  • Apr 8
  • 3 min read



Executive Summary

In a recent series of advisories, Fortinet’s FortiGuard Labs disclosed multiple critical vulnerabilities across its security product portfolio, including FortiOS, FortiManager, FortiAnalyzer, FortiWeb, and FortiClientEMS. These vulnerabilities range from Remote Code Execution (RCE) and OS Command Injection to Directory Traversal, Cross-site Scripting (XSS), Privilege Escalation, and Improper Certificate Validation. Given the widespread deployment of Fortinet solutions in enterprise environments, these flaws pose significant risk to organizational security if left unpatched.

The vulnerabilities include improper input sanitization, missing certificate validations, and logic flaws in user management and authentication. While there are currently no public exploitations observed in the wild, the nature of these flaws — many of which require only authenticated access or minor configuration changes — makes them highly attractive to threat actors. Immediate patching and environment reviews are strongly advised.


Technical Information

1. Technical Details

1. Use of Uninitialized Resource in SSLVPN WebSocket
  • FortiGuard ID: FG-IR-23-165
  • CVE: CVE-2023-42789
  • Impact: Crash or potential code execution in SSLVPN daemon
  • Affected: FortiOS/FortiProxy 7.2.0 - 7.2.4

2. OS Command Injection in Diagnose Feature (GUI)
  • FortiGuard ID: FG-IR-24-397
  • CVE: CVE-2024-23108
  • Impact: Remote command execution by authenticated users
  • Affected: FortiAnalyzer/FortiManager 7.4.0 - 7.4.4

3. Directory Traversal via API
  • FortiGuard ID: FG-IR-24-474
  • CVE: CVE-2024-26012
  • Impact: Unauthorized file access
  • Affected: FortiWeb 7.0.0 - 7.0.2

4. No Certificate Name Verification for FGFM Connection
  • FortiGuard ID: FG-IR-24-046
  • CVE: CVE-2024-21762
  • Impact: Man-in-the-middle risk
  • Affected: FortiOS 7.0.0 - 7.0.2

5. Unverified Password Change via set_password Endpoint
  • FortiGuard ID: FG-IR-24-435
  • CVE: CVE-2024-23110
  • Impact: Brute-force or unauthorized password reset
  • Affected: FortiSOAR 7.2.0 - 7.2.4

6. Incorrect User Management in Widgets Dashboard
  • FortiGuard ID: FG-IR-24-184
  • CVE: CVE-2024-23105
  • Impact: Privilege escalation via GUI
  • Affected: FortiManager/FortiAnalyzer 7.2.0 - 7.2.3

7. LDAP Clear-Text Credentials Exposure
  • FortiGuard ID: FG-IR-24-111
  • CVE: CVE-2024-23107
  • Impact: Credential disclosure via IP manipulation
  • Affected: FortiOS 7.0.0 - 7.0.2

8. JavaScript Injection via EMS Messages
  • FortiGuard ID: FG-IR-23-344
  • CVE: CVE-2023-48788
  • Impact: XSS on client interface
  • Affected: FortiClientEMS 7.0.0 - 7.0.1

9. OS Command Injection on gen-ca-cert Command
  • FortiGuard ID: FG-IR-24-392
  • CVE: CVE-2024-23109
  • Impact: Command execution by authenticated users
  • Affected: FortiOS 7.2.0 - 7.2.4

10. Log Pollution via Login Page
  • FortiGuard ID: FG-IR-24-453
  • CVE: CVE-2024-26013
  • Impact: Log injection / manipulation
  • Affected: FortiOS 7.2.0 - 7.2.4


Exploitation in the Wild

As of the time of publication, there are no publicly documented cases of active exploitation of these vulnerabilities. However, due to the relative simplicity of exploitation and critical nature of some flaws, Rescana strongly recommends immediate remediation to prevent opportunistic or targeted attacks.

APT Groups Using This Vulnerability

There are no known Advanced Persistent Threat (APT) groups currently linked to the exploitation of these specific vulnerabilities. Nonetheless, Fortinet products are commonly targeted by nation-state and criminal groups, and these types of flaws are frequently weaponized soon after disclosure.

Affected Product Versions

All vulnerabilities listed above impact various versions of Fortinet products, primarily:

  • FortiOS (7.0.x - 7.2.x)
  • FortiManager and FortiAnalyzer (7.2.x - 7.4.x)
  • FortiWeb (7.0.x)
  • FortiSOAR (7.2.x)
  • FortiClientEMS (7.0.x)

Refer to each advisory link for detailed version mapping and patch availability.

Workaround and Mitigation

The recommended action across all vulnerabilities is:

  • Upgrade to the latest versions listed in each advisory.
  • Conduct internal reviews of configurations and logs for potential suspicious activity.
  • Use network segmentation and least privilege principles to limit lateral movement in case of partial compromise.
  • Ensure logging and alerting are configured to catch potential exploitation attempts.
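To turn the version ranges listed above into a quick exposure check before upgrading, here is an added example (not Rescana's or Fortinet's code) that matches a constructed device inventory against those inclusive ranges; it assumes product names in the inventory have been normalised to the names used in this post.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    fg_id: str
    cve: str
    products: tuple  # product names the stated range applies to
    lo: str          # first affected version (inclusive)
    hi: str          # last affected version (inclusive)

# Ranges exactly as stated in the advisory summaries above, inclusive on both ends.
ADVISORIES = (
    Advisory("FG-IR-23-165", "CVE-2023-42789", ("FortiOS", "FortiProxy"), "7.2.0", "7.2.4"),
    Advisory("FG-IR-24-397", "CVE-2024-23108", ("FortiAnalyzer", "FortiManager"), "7.4.0", "7.4.4"),
    Advisory("FG-IR-24-474", "CVE-2024-26012", ("FortiWeb",), "7.0.0", "7.0.2"),
    Advisory("FG-IR-24-046", "CVE-2024-21762", ("FortiOS",), "7.0.0", "7.0.2"),
    Advisory("FG-IR-24-435", "CVE-2024-23110", ("FortiSOAR",), "7.2.0", "7.2.4"),
    Advisory("FG-IR-24-184", "CVE-2024-23105", ("FortiManager", "FortiAnalyzer"), "7.2.0", "7.2.3"),
    Advisory("FG-IR-24-111", "CVE-2024-23107", ("FortiOS",), "7.0.0", "7.0.2"),
    Advisory("FG-IR-23-344", "CVE-2023-48788", ("FortiClientEMS",), "7.0.0", "7.0.1"),
    Advisory("FG-IR-24-392", "CVE-2024-23109", ("FortiOS",), "7.2.0", "7.2.4"),
    Advisory("FG-IR-24-453", "CVE-2024-26013", ("FortiOS",), "7.2.0", "7.2.4"),
)

def parse_version(v: str) -> tuple:
    """Turn '7.2.4' into (7, 2, 4); tolerate a trailing build tag such as '7.2.4 build1396'."""
    parts = v.strip().split()[0].split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(p) for p in parts)

def affected_by(product: str, version: str) -> list:
    """CVEs from the list above whose inclusive range covers this product/version."""
    ver = parse_version(version)
    return [a.cve for a in ADVISORIES
            if product in a.products and parse_version(a.lo) <= ver <= parse_version(a.hi)]

def triage(inventory) -> dict:
    """Map hostname -> matching CVEs; an empty list means no advisory above applies."""
    return {host: affected_by(prod, ver) for host, prod, ver in inventory}

# Constructed inventory for illustration; hostnames and versions are made up.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.2.3"),
    ("fw-edge-02", "FortiOS", "7.0.3"),
    ("fmg-01", "FortiManager", "7.2.3 build1234"),
]

for host, cves in triage(INVENTORY).items():
    print(f"{host}: {', '.join(cves) if cves else 'no listed advisory matches'}")
```

A version outside every listed range (such as FortiOS 7.0.3 above) only means it is not covered by this post's summaries; confirm against each Fortinet advisory's full version table before marking a device clean.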

References

Rescana is here for you

At Rescana, we specialize in Third Party Risk Management (TPRM) and Vulnerability Intelligence, helping organizations stay ahead of emerging threats. If you’re using Fortinet products and need assistance assessing exposure or prioritizing remediation, our team is here to help.

📩 Contact us at ops@rescana.com for a consultation or threat exposure assessment.
