CVE-2024-23670 – CVE-2024-23670 is an improper authorization vul... (How to Fix)

Q: What is the severity of CVE-2024-23670?

CVE-2024-23670 has a CVSS score of 7.8 (HIGH). CVE-2024-23670 is an improper authorization vulnerability in Fortinet FortiWebManager that allows attackers to execute unauthorized code or commands via HTTP requests or CLI. This affects organizations running vulnerable versions of FortiWebManager, potentially leading to complete system compromise.

📋 TL;DR

CVE-2024-23670 is an improper authorization vulnerability in Fortinet FortiWebManager that allows attackers to execute unauthorized code or commands via HTTP requests or CLI. This affects organizations running vulnerable versions of FortiWebManager, potentially leading to complete system compromise.

💻 Affected Systems

Products:

Fortinet FortiWebManager

Versions: 7.2.0, 7.0.0 through 7.0.4, 6.3.0, 6.2.3 through 6.2.4, 6.0.2

Operating Systems: FortiOS-based systems

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments with affected versions are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system takeover with administrative privileges, data exfiltration, lateral movement within the network, and persistent backdoor installation.

🟠

Likely Case

Unauthorized command execution leading to configuration changes, data manipulation, or service disruption of the FortiWebManager system.

🟢

If Mitigated

Limited impact due to network segmentation, strict access controls, and monitoring preventing successful exploitation.

🌐 Internet-Facing: HIGH - If FortiWebManager is exposed to the internet, attackers can directly exploit this vulnerability without internal access.

🏢 Internal Only: MEDIUM - Requires internal network access, but still poses significant risk to network security if exploited.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Requires some level of access to the system (HTTP or CLI), but the vulnerability itself is straightforward to exploit once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions 7.2.1, 7.0.5, 6.3.1, 6.2.5, 6.0.3 and later

Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-23-222

Restart Required: Yes

Instructions:

1. Download the patched version from Fortinet support portal. 2. Backup current configuration. 3. Apply the firmware update through the web interface or CLI. 4. Reboot the system. 5. Verify the update was successful.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict access to FortiWebManager management interfaces to trusted IP addresses only

config system interface
edit <interface_name>
set allowaccess https ssh
set trust-ip <trusted_ip_range>
end

Disable Unnecessary Services

all

Disable HTTP/HTTPS management if CLI-only management is sufficient

config system interface
edit <interface_name>
set allowaccess ssh
unset allowaccess https
end

🧯 If You Can't Patch

Implement strict network segmentation to isolate FortiWebManager from other critical systems
Enable detailed logging and monitoring for suspicious HTTP requests or CLI commands

🔍 How to Verify

Check if Vulnerable:

Check FortiWebManager version via web interface (System > Dashboard) or CLI command: get system status

Check Version:

get system status | grep Version

Verify Fix Applied:

Verify version is 7.2.1, 7.0.5, 6.3.1, 6.2.5, 6.0.3 or later using: get system status

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP requests to management interfaces
Unauthorized CLI command execution
Failed authorization attempts followed by successful commands

Network Indicators:

Unexpected outbound connections from FortiWebManager
Traffic patterns indicating command execution

SIEM Query:

source="fortiwebmanager" AND (event_type="auth_failure" OR cmd_exec="*" OR http_request="*/api/*")

📊 Metadata

CVE ID: CVE-2024-23670

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-285

Published: June 3, 2024

Last Updated: December 17, 2024

🔗 References

https://fortiguard.fortinet.com/psirt/FG-IR-23-222 Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-23-222 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-23670, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fortiwebmanager by Fortinet

Fortiwebmanager by Fortinet

Fortiwebmanager by Fortinet

Fortiwebmanager by Fortinet

Fortiwebmanager by Fortinet

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Access Restriction

Disable Unnecessary Services

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities