CyberSecurity Malaysia

1.0 Introduction
Recently, Fortinet has released security updates to address a malicious file from previously exploited Fortinet vulnerabilities ( CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475) within FortiGate products.

2.0 Impact
This malicious file could enable read-only access to files on the device’s file system, which may include configurations.

3.0 Affected Products

FG-IR-22-398: Heap-based buffer overflow in sslvpnd
FG-IR-23-097: Heap buffer overflow in sslvpn pre-authentication
FG-IR-24-015: Out-of-outbound Write in sslvpnd

4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the Fortinet Security Updates for Multiple Products and apply necessary updates.

Upgrade to FortiOS versions 7.6.2, 7.4.7, 7.2.11, 7.0.17, 6.4.16 to remove the malicious file and prevent re-compromise.

Kindly refer to the following URL:

Generally, we advise the users of the devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact us through the following channels:

E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my

5.0 References

Select User Category

Select User Category

Select User Category

Select User Category

Cyber999 Advisories

MA-1310.042025: MyCERT Advisory - Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities

Search

Type

Archives