Description: A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows an attacker to execute unauthorized code or commands via specially crafted packets.
CVE-2024-23113
CVSS Score: 9.8 (CRITICAL)
EPSS Score: 0.09%
Risk Score: 6.86 (HIGH)
The Risk Score is derived from the CVSS and EPSS scores. It is for reference only and is not an internationally recognized metric.
1. Technical Attack Analysis:
– Attack Techniques:
  – Externally-Controlled Format String: The vulnerability lets an attacker supply the format string passed to a formatting function, which can be abused to read or corrupt memory and ultimately execute arbitrary code or commands on the device.
  – Unauthorized Code Execution: By sending specially crafted packets, an attacker can execute unauthorized commands on vulnerable systems, compromising the integrity and availability of the affected services.
  – Proxy Usage (T1090): Attackers could route their traffic through compromised devices to obscure its origin, making detection and attribution more difficult.
  – Scheduled Task/Job Execution (T1053.002): Exploitation could lead to the creation or alteration of scheduled tasks, giving persistent access or automated execution of malicious payloads.
– Possible Outcomes of Exploitation:
  – Full system compromise, allowing attackers to install malware or backdoors.
  – Data exfiltration or loss of sensitive information.
  – Service disruption or denial of service to legitimate users.
  – Lateral movement within the network to target other systems.
  – Manipulation of network configurations or policies, leading to further weaknesses.
2. Mitigation Measures:
– Update Fortinet FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager to the latest versions.
– Implement network segmentation to limit the exposure of vulnerable devices.
– Use intrusion detection and prevention systems (IDPS) to monitor traffic for malicious packets.
– Restrict access to management interfaces to trusted IP addresses only.
– Apply least privilege principles for user accounts and services.
– Regularly audit and monitor logs for unusual activities and access patterns.
– Conduct security training for personnel to recognize and respond to potential threats.
– Implement web application firewalls (WAF) to filter and monitor HTTP traffic.
MITRE ATT&CK Techniques (v15.1)
T1090 – Proxy
T1053.002 – Scheduled Task/Job: At
Disclaimer
The content on this website is automatically collected from external sites such as the National Vulnerability Database (NVD), GitHub and other security-related sources. It is provided for reference only, and we accept no responsibility for the accuracy or completeness of the information linked to or displayed from these sources.