Fortinet has released patches for vulnerabilities affecting its popular products, including FortiClient VPN, FortiManager, and FortiWLM. These flaws range from password exposure to remote code execution and unauthorized file access, potentially putting millions of users at risk.
Overview of CVE-2024-50570: FortiClient VPN Exposing User Credentials
This vulnerability pertains to FortiClient VPN and has been designated with the CVE identifier CVE-2024-50570. It holds a CVSS score of 5.0, marking it as a medium-severity vulnerability. This issue is identified as Cleartext Storage of Sensitive Information (CWE-312).
What’s the Issue?
The vulnerability is rooted in the way FortiClient VPN stores sensitive information. Specifically, it stores VPN passwords in plain text. This means that any local authenticated user, someone who already has access to the system, could potentially retrieve these passwords. The problem arises due to how the JavaScript garbage collector functions, which might allow these sensitive details to be exposed via a memory dump.
Affected Versions
This vulnerability impacts multiple versions of FortiClient across different operating systems:
- FortiClient for Windows: Versions from 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, and 7.0.0 through 7.0.13.
- FortiClient for Linux: Versions from 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, and 7.0.0 through 7.0.13.
Implications
For users of these versions, this vulnerability presents a security risk. If an attacker gains access to the system, they could exploit this issue to retrieve VPN passwords, potentially leading to unauthorized access to VPN-secured networks and data.
Overview of CVE-2024-48889: FortiManager Remote Code Execution Vulnerability
This particular vulnerability is identified as CVE-2024-48889 and has been assessed with a CVSS score of 7.2, which designates it as a high-severity issue. It falls under the category of OS Command Injection (CWE-78).
What’s the Issue?
The vulnerability originates from inadequate neutralization of special elements utilized within OS commands. This inadequacy means that an attacker could potentially inject and execute arbitrary commands on the FortiManager system by sending specially crafted requests. Essentially, the system doesn’t properly sanitize or validate these elements, leaving it vulnerable to exploitation.
Technical Details
When FortiManager processes certain inputs from users, it may inadvertently allow an attacker to inject OS commands into the system’s execution flow. This flaw can be exploited by a remote attacker who has authenticated access, allowing them to gain unauthorized control over the system. The attacker can execute arbitrary commands, leading to a variety of malicious outcomes, including data theft, system manipulation, or further network compromise.
Affected Versions
This vulnerability impacts several versions of FortiManager across different platforms:
- FortiManager for Windows and Linux:
- Versions 7.6.0
- Versions 7.4.4 and below
- Versions 7.2.7 and below
- Versions 7.0.12 and below
- Versions 6.4.14 and below
- FortiManager Cloud:
- Versions 7.4.4 and below
- Versions 7.2.7 to 7.2.1
- Versions 7.0.12 to 7.0.1
Implications
The potential consequences of this vulnerability are significant:
- Remote Code Execution: An attacker can run arbitrary code on the system, leading to full control over FortiManager.
- Data Breach: Unauthorized access to sensitive data stored or managed by FortiManager.
- System Compromise: Potential for complete system takeover, allowing further malicious activities within the network.
Overview of CVE-2023-34990: Unauthenticated File Access in FortiWLM
CVE-2023-34990 is a critical security vulnerability affecting FortiWLM, Fortinet’s Wireless LAN Management solution. This issue has been assigned a CVSS score of 9.8, indicating its high severity. It allows unauthenticated attackers to access sensitive files through a relative path traversal vulnerability.
Technical Details:
A relative path traversal vulnerability occurs when an application does not properly sanitize user input, allowing attackers to manipulate the file path. This can lead to unintended access to sensitive files that should normally be restricted.
Impacted Versions:
- FortiWLM versions 8.6.0 through 8.6.5
- FortiWLM versions 8.5.0 through 8.5.4
Fixed Versions:
- The vulnerability has been addressed in FortiWLM versions 8.6.6 and above
- It is also fixed in FortiWLM versions 8.5.5 and above
Potential Impact:
If exploited, this vulnerability could allow attackers to:
- Access sensitive configuration files
- Extract confidential information
- Perform unauthorized actions on the system
Such unauthorized in data breaches, loss of sensitive information, and further exploitation of the network.
Recommendations:
In addition to patching affected systems, it is beneficial to:
- Conduct a thorough security assessment to identify and address any other potential vulnerabilities.
- Implement strict access controls to limit the exposure of sensitive files and information.
- Regularly back up data and ensure that recovery procedures are in place in the event of a breach.
