Critical Security Flaw Discovered in Fortinet Security Products Require Upgrade

Publish Date

Type

Cyber Alert

Topics
  • Cybersecurity

A critical vulnerability has been disclosed by Fortinet®, maker of enterprise hardware and software security products. Remote attackers can exploit this flaw to gain unauthorized access to devices, and then exfiltrate data or perform other criminal activities from within the breached network.

The remote code execution involves the sending of specially crafted messages to the FGFM port of the targeted device, when the FortiManager and FortiAnalyzer fgfmsd daemon is enabled. Note that this daemon is disabled by default in FortiAnalyzer and can only be enabled on 1000E, 2000E, 3000D, 3000E, 3000F, 3500E, 3500F, 3700F, and 3900E appliances.

ACA guidance

Immediately assess your usage of Fortinet security products, and apply upgrades/interventions as described below. Reach out to ACA for assistance in assessing the upgrades as needed. Check in with your IT and security services providers as to whether they use Fortinet, and if yes, whether they have implemented the required upgrades.

Per Fortinet, the following products are affected and should be upgraded:

  • FortiManager versions 5.6.10 and below - Upgrade to FortiManager version 5.6.11 or above
  • FortiManager versions 6.0.10 and below - Upgrade to FortiManager version 6.0.11 or above
  • FortiManager versions 6.2.7 and below - Upgrade to FortiManager version 6.2.8 or above
  • FortiManager versions 6.4.5 and below - Upgrade to FortiManager version 6.4.6 or above
  • FortiManager version 7.0.0 - Upgrade to FortiManager version 7.0.1 or above
  • FortiManager versions 5.4.x - Upgrade to the latest available version of FortiManager
  • FortiAnalyzer versions 5.6.10 and below - Upgrade to FortiAnalyzer version 5.6.11 or above
  • FortiAnalyzer versions 6.0.10 and below - Upgrade to FortiAnalyzer version 6.0.11 or above
  • FortiAnalyzer versions 6.2.7 and below - Upgrade to FortiAnalyzer version 6.2.8 or above
  • FortiAnalyzer versions 6.4.5 and below - Upgrade to FortiAnalyzer version 6.4.6 or above
  • FortiAnalyzer version 7.0.0 - Upgrade to FortiAnalyzer version 7.0.1 or above

Additionally, per Fortinet, the following workarounds and protections can be implemented:

  • Disable FortiManager features on the FortiAnalyzer unit using the command below:
    • config system global
    • set fmg-status disable <--- Disabled by default
    • end
  • Protection with FortiGate:
    • Upgrade to IPS definitions version 18.100 or above
    • Make sure the action for signature FG-VD-50483 is set to block

How we help

ACA Aponix® offers the following solutions that can help your firm protect itself in relation to this and similar cybersecurity warnings, and to enhance its cybersecurity in general:

Download our Aponix Protect cybersecurity solution brochure.

If you have any questions, please contact your ACA Aponix consultant or contact us here.