A critical remote code execution (RCE) vulnerability in FortiOS has been actively exploited by attackers, according to the US Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability, CVE-2024-23113, affects devices with FortiGate and FortiManager software versions 7.0 and later, as well as FortiPAM 1.0 and higher, FortiProxy 7.0 and above, and FortiWeb 7.4.
The vulnerability allows unauthenticated threat actors to execute commands or arbitrary code on unpatched devices in low-complexity attacks that don’t require user interaction. CISA disclosed the patch for this vulnerability in February but has now added it to its Known Exploited Vulnerabilities Catalog, indicating it is being actively exploited.
US federal agencies have been ordered to secure their FortiOS devices within three weeks, by October 30. The Dutch Military Intelligence and Security Service (MIVD) previously warned that Chinese hackers exploited a similar critical FortiOS RCE vulnerability between 2022 and 2023, breaching at least 20,000 network security appliances with malware.
Source: https://www.bleepingcomputer.com/news/security/cisa-says-critical-fortinet-rce-flaw-now-exploited-in-attacks/