CVE-2024-36505 – This CVE describes an improper access control v... (How to Fix)

Q: What is the severity of CVE-2024-36505?

CVE-2024-36505 has a CVSS score of 5.1 (MEDIUM). This CVE describes an improper access control vulnerability in FortiOS that allows an attacker with existing write access to the system to bypass file integrity checking. The vulnerability affects multiple FortiOS versions from 6.4.x through 7.4.3. Attackers must already have compromised the system through another exploit to leverage this vulnerability.

📋 TL;DR

This CVE describes an improper access control vulnerability in FortiOS that allows an attacker with existing write access to the system to bypass file integrity checking. The vulnerability affects multiple FortiOS versions from 6.4.x through 7.4.3. Attackers must already have compromised the system through another exploit to leverage this vulnerability.

💻 Affected Systems

Products:

FortiOS

Versions: 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14, and all 6.4.x versions

Operating Systems: FortiOS

Default Config Vulnerable: ⚠️ Yes

Notes: All configurations of affected versions are vulnerable. The vulnerability requires an attacker to already have write access to the system through other means.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with existing system access could modify critical system files without detection, potentially establishing persistent backdoors, disabling security controls, or escalating privileges further.

🟠

Likely Case

An attacker who has already gained write access could bypass integrity monitoring to maintain persistence or hide malicious modifications to system files.

🟢

If Mitigated

With proper access controls preventing initial system compromise, this vulnerability cannot be exploited as it requires pre-existing write access.

🌐 Internet-Facing: LOW - This vulnerability requires an attacker to already have write access to the system, which typically requires prior compromise through other means.

🏢 Internal Only: MEDIUM - If an attacker gains internal access through other means, this could be used to maintain persistence or evade detection.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM - Requires existing system write access plus knowledge of the bypass technique

Exploitation requires the attacker to already have compromised the system through another vulnerability or misconfiguration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiOS 7.4.4, 7.2.8, 7.0.15, and 6.4.15

Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-24-012

Restart Required: Yes

Instructions:

1. Download the patched FortiOS version from Fortinet support portal. 2. Backup current configuration. 3. Upload and install the new firmware through the web interface or CLI. 4. Reboot the device after installation completes.

🔧 Temporary Workarounds

Restrict administrative access

all

Limit administrative access to FortiOS devices to trusted networks and users only

Implement network segmentation

all

Segment FortiOS management interfaces from general user networks

🧯 If You Can't Patch

Implement strict access controls to prevent initial system compromise
Monitor for unauthorized file modifications using external integrity checking tools

🔍 How to Verify

Check if Vulnerable:

Check FortiOS version via CLI: 'get system status' or web interface: System > Dashboard

Check Version:

get system status | grep Version

Verify Fix Applied:

Verify version is 7.4.4, 7.2.8, 7.0.15, 6.4.15 or later using 'get system status' command

📡 Detection & Monitoring

Log Indicators:

Unexpected file modifications in system directories
Integrity check failures or bypass attempts

Network Indicators:

Unusual administrative access patterns to FortiOS management interfaces

SIEM Query:

source="fortios" AND (event_type="file_modification" OR event_type="integrity_check")

📊 Metadata

CVE ID: CVE-2024-36505

CVSS v3 Score: 5.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE: CWE-284

Published: August 13, 2024

Last Updated: August 22, 2024

🔗 References

https://fortiguard.fortinet.com/psirt/FG-IR-24-012 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-36505, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fortios by Fortinet

Fortios by Fortinet

Fortios by Fortinet

Fortios by Fortinet

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict administrative access

Implement network segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities