Dive Brief:
- Hackers are actively exploiting a critical format string vulnerability in four Fortinet products, federal authorities and security researchers said last week.
- The Cybersecurity and Infrastructure Security Agency added the vulnerability, listed as CVE-2024-23113, to its known exploited vulnerabilities catalog on Wednesday. The vulnerability, originally disclosed in February, has a CVSS score of 9.8.
- Exploitation of the vulnerability in FortiOS could allow a remote, unauthenticated hacker to execute arbitrary code or commands on a system, FortiGuard Labs said in a Friday blog post.
Dive Insight:
Fortinet has offered guidance on a workaround to remove FortiGate to FortiManager protocol access.
“A third-party report is indicating this may be exploited in the wild,” Fortinet said in a Friday update on its blog. The company did not provide additional details of the exploitation.
Fortinet products have faced heightened threat activity this year. In February, the company disclosed active exploitation of CVE-2024-21762, an out-of-bounds write vulnerability, in FortiOS.
Shadowserver researchers said more than 87,000 Fortinet IPs were likely vulnerable to CVE-2024-23113 on Sunday. More than 14,000 of the exposed and likely vulnerable Fortinet IPs were reported in the U.S.
The vulnerability impacts the following products:
- Fortinet FortiOS versions 7.4.0 to 7.4.2, 7.2.0 to 7.2.6, 7.0.0 to 7.0.13
- FortiProxy versions 7.4.0 to 7.4.2, 7.2.0 to 7.2.8, 7.0.0 to 7.0.15
- FortiPAM versions 1.2, 1.1 and 1.0
- FortiSwitchManager versions 7.2.0 to 7.2.3, 7.0.0 to 7.03
Fortinet did not immediately respond to a request for comment on Monday.