Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2024102101101919 | Publication Time | 2024/10/21 13:25 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2024/10/19 13:25 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】Fortinet multiple products contain security vulnerabilities (CVE-2024-23113), immediate verification and patching recommended |
|||
| [Content] Forwarded from the National Institute of Cyber Security NISAC-200-202410-00000041 Recent research has identified a format string vulnerability (CVE-2024-23113) in multiple Fortinet products. Remote attackers without authentication can exploit this vulnerability by sending specially crafted packets to execute arbitrary code on affected products. This vulnerability has already been exploited by hackers, so immediate verification and patching are recommended. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] ● FortiOS versions 7.0.0 to 7.0.13, 7.2.0 to 7.2.6, and 7.4.0 to 7.4.2 ● FortiProxy versions 7.0.0 to 7.0.14, 7.2.0 to 7.2.8, and 7.4.0 to 7.4.2 ● FortiPAM versions 1.0.0 to 1.0.3, 1.1.0 to 1.1.2, and version 12.0 ● FortiSwitchManager versions 7.0.0 to 7.0.3 and 7.2.0 to 7.2.3 |
|||
| [Recommended Actions] The official patch for the vulnerability has been released. Please refer to the official information at the following URL:https://www.fortiguard.com/psirt/FG-IR-24-029 |
|||
| [Reference] 1.Vulnerability Details: https://nvd.nist.gov/vuln/detail/CVE-2024-23113 2.Fortinet Website: https://www.fortiguard.com/psirt/FG-IR-24-029 3.InformationSecurity: https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11314 4.IThome: https://www.ithome.com.tw/news/165432 |
|||