CISA: Security Updates Released for Fortinet Products

Bar Refael

April 11, 2024

Fortinet has issued critical security updates for a range of products, including FortiClient for macOS, FortiOS, and FortiProxy. These updates address several vulnerabilities that could allow cyber threat actors to compromise affected systems and gain unauthorized control.

Vulnerabilities:

  • FG-IR-23-345: A vulnerability has been identified in FortiClient for macOS concerning insufficient validation of configuration files. An attacker could exploit this weakness to alter the client’s configuration, leading to potential data leakage or unauthorized actions.
  • FG-IR-23-493: FortiOS and FortiProxy have been found to contain a flaw that results in the leakage of administrator cookies. This issue could be exploited to hijack administrative sessions, leading to unauthorized system access and potential full system compromise.
  • FG-IR-23-087: FortiClient for Linux is affected by a Remote Code Execution (RCE) vulnerability due to a dangerous configuration in Node.js. This critical vulnerability could allow a remote attacker to execute arbitrary code on the system.

Impact:

If these vulnerabilities are successfully exploited, they could enable an adversary to carry out a range of malicious activities, such as data theft, system hijacking, and the establishment of persistent access for further exploitation.

Mitigation Recommendations:

  • Immediate Patching: Users and administrators are advised to apply the released updates without delay to mitigate the risks posed by these vulnerabilities.
  • Review Configurations: For the issue pertaining to configuration validation in FortiClient for macOS, review your configuration files for any unauthorized modifications.
  • Session Security: As a precautionary measure, consider resetting administrative credentials and reviewing session management settings in the wake of the cookie leakage issue.
  • Environment Hardening: Ensure that all systems running Node.js, particularly those within the FortiClient Linux environment, are properly hardened against RCE attacks.

Further Actions:

  • Review security logs for indications of compromise.
  • Conduct a comprehensive audit of system configurations and network traffic.
  • Implement additional network segmentation and access controls to reduce the potential impact of such vulnerabilities.
  • Stay informed about updates and advisories from Fortinet and consider subscribing to their security bulletin.

Additional Resources:

Further details and technical guidance can be found on Fortinet’s official security advisory page. It is recommended to follow the instructions detailed in the advisories for remediation steps and to stay vigilant for any updates on these issues.

Stay Secure. Stay Informed.

OP Innovate Research Team.
