Fortinet has recently taken steps to strengthen its cybersecurity posture by patching a critical flaw in the FortiClient Enterprise Management Server (EMS) software, which had left servers vulnerable to remote code execution (RCE) attacks. This effort reflects Fortinet’s commitment to addressing security vulnerabilities promptly to protect against potential cyber threats.
In addressing various security concerns, Fortinet resolved a significant buffer underflow issue within FortiOS and FortiProxy, known as CVE-2023-25610. With a CVSS score of 9.3, this vulnerability could allow attackers to execute code remotely without requiring authentication, affecting a wide range of FortiOS and FortiProxy versions. To mitigate this risk, Fortinet advised users to update their systems to the latest secure versions and provided additional precautions like disabling the HTTP/HTTPS administrative interface or enforcing IP address restrictions for access.
Further updates were issued for FortiOS to counteract critical remote code execution vulnerabilities identified as CVE-2024-21762 and CVE-2024-23313. These vulnerabilities presented the risk of cyber attackers taking control of the affected systems, with CVE-2024-21762 being particularly concerning due to indications of active exploitation in the wild. The Cybersecurity & Infrastructure Security Agency (CISA) has supported Fortinet’s advisories, encouraging prompt application of these updates by users and administrators.
Additionally, Fortinet alerted users to unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, its SIEM solution. Tracked as CVE-2024-23108 and CVE-2024-23109, these vulnerabilities were identified as variants of the initially discovered CVE-2023-34992 flaw, demonstrating the intricate and evolving nature of cybersecurity threats. Despite initial confusion, these were acknowledged as patch bypasses found by Horizon3’s vulnerability expert, Zach Hanley. Fortinet has committed to addressing these in forthcoming FortiSIEM versions.
At the core of Fortinet’s security strategy is the FortiClient, equipped with a vulnerability scanning feature that inspects endpoints for known vulnerabilities, underscoring Fortinet’s holistic approach to cybersecurity. This feature not only identifies and categorizes vulnerabilities by their threat level but also facilitates one-click patching solutions. Significantly, FortiClient supports automatic patching based on the severity of detected vulnerabilities, highlighting the critical role of timely patching in averting potential exploits.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact
