July 10, 2024
Severity
Medium
Analysis Summary
CVE-2024-27785 CVSS: 5.4
Fortinet FortiAIOps is vulnerable to CSV formula injection, caused by improper neutralization of formula elements in a CSV file. A remote authenticated attacker who can place crafted text into data that FortiAIOps later exports as CSV could have that text evaluated as a spreadsheet formula when a user opens the export, resulting in arbitrary command execution in the context of the user who opens the file.
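The following is an added Python example, not code from Fortinet or from the advisory, showing the export-side fix for this bug class: a cell that begins with a formula trigger is neutralized before the CSV is written, while ordinary signed numbers are left intact. The sample rows, the field names and the payload strings are constructed for the demonstration and are not taken from FortiAIOps.

```python
import csv
import io

# Leading characters that make Excel / LibreOffice Calc evaluate a cell as
# a formula (or a DDE/external-command expression) instead of showing text.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would evaluate this cell rather than display it.

    Ordinary signed numbers such as "-12.5" or "+3" also start with a trigger
    character but are harmless, so they are left alone.
    """
    if not value.startswith(FORMULA_TRIGGERS):
        return False
    try:
        float(value)
        return False
    except ValueError:
        return True


def neutralize_cell(value) -> str:
    """Defuse one cell before it is written to a CSV export.

    Newlines are collapsed so a value cannot break out of its cell, and a
    formula-like value gets a leading apostrophe, which spreadsheets treat
    as a text marker (the apostrophe may stay visible, but the payload is
    never evaluated).
    """
    if value is None:
        return ""
    text = str(value).replace("\r", " ").replace("\n", " ")
    if is_formula_like(text):
        return "'" + text
    return text


def export_rows(rows, neutralize: bool = True) -> str:
    """Render rows as CSV text; neutralize=False reproduces the unsafe export."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL)
    for row in rows:
        cells = [neutralize_cell(c) if neutralize else str(c) for c in row]
        writer.writerow(cells)
    return buf.getvalue()


# Constructed sample data (not from the advisory): an attacker-controlled
# device name carrying a DDE-style payload, next to benign values.
SAMPLE_ROWS = [
    ["hostname", "status", "rssi_dbm"],
    ["=cmd|'/C calc'!A0", "up", -47],
    ["@SUM(1+1)*cmd|' /C notepad'!'A1'", "down", -70],
    ["ap-floor-2", "up", -52],
]


def formula_cells(csv_text: str) -> list:
    """Return (row, column) positions of cells that would still be evaluated."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                hits.append((r, c))
    return hits


if __name__ == "__main__":
    print("unsafe export:", formula_cells(export_rows(SAMPLE_ROWS, neutralize=False)))
    print("neutralized  :", formula_cells(export_rows(SAMPLE_ROWS)))
```

Quoting every field (`QUOTE_ALL`) is not sufficient on its own: spreadsheet importers strip the quotes and then evaluate the content, which is why the apostrophe prefix is applied in addition. The numeric exemption keeps legitimate values such as `-47` from being mangled, which is the usual objection to blanket escaping.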
CVE-2024-27783 CVSS: 7.6
Fortinet FortiAIOps is vulnerable to cross-site request forgery (CSRF), caused by a failure to verify that state-changing requests originate from the application itself. By persuading an authenticated user to visit a malicious web site, a remote attacker could cause the victim's browser to submit a crafted HTTP request to FortiAIOps that performs unauthorized actions with the victim's privileges.
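The check that closes this class of bug, as an added Python example that is not FortiAIOps code: state-changing requests must carry a trusted Origin (or Referer) and a synchronizer token bound to the caller's session. The request model, the origin `https://fortiaiops.example.test`, the session identifiers and the form fields are all assumed for the demonstration.

```python
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Assumed deployment origin of the web UI; anything else is cross-site.
TRUSTED_ORIGINS = {"https://fortiaiops.example.test"}
# Per-process key used to derive tokens; a real deployment persists it.
SECRET_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session, so a token obtained in one
    session cannot be replayed against another."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def make_request(method, headers, session_id, form):
    """Minimal request model: method, headers, session cookie value, form fields."""
    return {"method": method, "headers": headers, "session_id": session_id, "form": form}


def request_origin(request) -> Optional[str]:
    """Origin header if present, else the origin part of Referer, else None."""
    origin = request["headers"].get("Origin")
    if origin:
        return origin
    referer = request["headers"].get("Referer")
    if referer:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}"
    return None


def reject_reason(request) -> Optional[str]:
    """None if the request may proceed; otherwise the reason it is refused.

    Safe methods pass unconditionally, which is only correct if no handler
    changes state on GET/HEAD.
    """
    if request["method"] in SAFE_METHODS:
        return None
    origin = request_origin(request)
    if origin is None:
        return "no Origin or Referer on a state-changing request"
    if origin not in TRUSTED_ORIGINS:
        return f"cross-site origin {origin}"
    expected = issue_csrf_token(request["session_id"])
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):
        return "missing or invalid CSRF token"
    return None


if __name__ == "__main__":
    token = issue_csrf_token("sess-1")
    good = make_request("POST", {"Origin": "https://fortiaiops.example.test"}, "sess-1", {"csrf_token": token})
    forged = make_request("POST", {"Origin": "https://attacker.example"}, "sess-1", {"user": "backdoor"})
    print("legitimate:", reject_reason(good))
    print("forged    :", reject_reason(forged))
```

The origin check and the token check are deliberately both present: Origin can be absent on some legacy or privacy-configured clients, and a token alone does nothing if the application also accepts the action over a safe method. Setting the session cookie with `SameSite=Lax` or `Strict` is a third, browser-enforced layer that this server-side example does not replace.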
CVE-2024-23663 CVSS: 8.8
Fortinet FortiExtender could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to create users with elevated privileges.
CVE-2024-26015 CVSS: 3.7
Fortinet FortiProxy and FortiOS could allow a remote attacker to bypass security restrictions, caused by incorrect parsing of numbers with different radices (for example octal, hexadecimal, or plain integer spellings of an IP address). By sending a specially crafted request in which the address is written in a non-canonical form, an attacker could exploit this vulnerability to bypass the IP blocklist.
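An added Python example, not Fortinet code, of how mixed-radix address spellings defeat a blocklist that compares strings, and of the canonicalization that fixes it. The parser follows the classic `inet_aton()` rules (one to four dot-separated parts in decimal, leading-zero octal or `0x` hexadecimal, with the last part filling the remaining bytes); the blocklist entries and the client addresses are constructed for the demonstration.

```python
import ipaddress
import re
from typing import Optional

# One dotted part as inet_aton() accepts it: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"^(?:0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def _part_value(part: str) -> Optional[int]:
    if not _PART.match(part):
        return None
    if part[:2].lower() == "0x":
        return int(part[2:], 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)
    return int(part, 10)


def parse_ipv4_lenient(text: str) -> Optional[int]:
    """Parse an IPv4 literal with the classic inet_aton() rules.

    One to four dot-separated parts are allowed; the last part fills every
    byte that is left, so "127.1", "0177.0.0.1", "0x7f000001" and
    "2130706433" all denote 127.0.0.1.  Returns the 32-bit address, or
    None when the text is not a valid literal under those rules.
    """
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_part_value(p) for p in parts]
    if any(v is None for v in values):
        return None
    head, last = values[:-1], values[-1]
    if any(v > 0xFF for v in head):
        return None
    tail_bytes = 4 - len(head)
    if last >= 1 << (8 * tail_bytes):
        return None
    addr = 0
    for v in head:
        addr = (addr << 8) | v
    return (addr << (8 * tail_bytes)) | last


def canonical_ipv4(text: str) -> Optional[str]:
    """Dotted-quad form of any accepted literal, or None."""
    n = parse_ipv4_lenient(text)
    return None if n is None else str(ipaddress.IPv4Address(n))


# Constructed blocklist entries for the demonstration.
BLOCKLIST = {"127.0.0.1", "10.0.0.5"}

# Alternative spellings of 127.0.0.1 that a string comparison does not recognise.
BYPASS_FORMS = ["0177.0.0.1", "0x7f.0.0.1", "0x7f000001", "2130706433", "127.1", "0177.0.1"]


def naive_is_blocked(client_ip: str) -> bool:
    """Vulnerable check: compares the literal the client sent."""
    return client_ip in BLOCKLIST


def canonical_is_blocked(client_ip: str) -> bool:
    """Hardened check: canonicalise first, and fail closed on unparsable input."""
    canon = canonical_ipv4(client_ip)
    if canon is None:
        return True
    return canon in BLOCKLIST


if __name__ == "__main__":
    for form in BYPASS_FORMS:
        print(f"{form:>12} -> {canonical_ipv4(form)}  "
              f"naive={naive_is_blocked(form)}  canonical={canonical_is_blocked(form)}")
```

The underlying problem is usually two parsers disagreeing: the component that evaluates the blocklist reads the address strictly while the component that later routes or connects reads it leniently (or the reverse). In Python the same split exists between `ipaddress.IPv4Address`, which rejects leading zeros, and `socket.inet_aton`, which accepts them; the safe pattern is to canonicalise once at the trust boundary with one parser and reject anything that is not already in canonical form.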
CVE-2024-27782 CVSS: 8.1
Fortinet FortiAIOps could allow a remote attacker to bypass security restrictions, caused by insufficient session expiration. Because old session tokens are not invalidated when they should be, an attacker who has obtained a previously issued token could reuse it in crafted requests to perform unauthorized operations.
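An added Python example, not FortiAIOps code, of the server-side session handling that makes a stolen old token worthless: sessions are tracked by a hash of the token and die on idle timeout, on absolute timeout, on logout, and on a per-user revocation such as a password change. The timeouts, user names and the injectable clock are assumptions made for the demonstration.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

IDLE_TIMEOUT = 15 * 60        # seconds without a request before a session dies
ABSOLUTE_TIMEOUT = 8 * 3600   # hard cap on session lifetime regardless of activity


@dataclass
class Session:
    user: str
    created: float
    last_seen: float


def _key(token: str) -> str:
    # Store a hash, not the token: a dump of the store yields nothing replayable.
    return hashlib.sha256(token.encode()).hexdigest()


class SessionStore:
    """Server-side session registry with idle, absolute and explicit expiry.

    `clock` is injectable so the expiry paths can be exercised without sleeping.
    """

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[_key(token)] = Session(user, now, now)
        return token

    def validate(self, token: str) -> Optional[str]:
        """Return the user for a live token, or None. Expired entries are purged."""
        k = _key(token)
        s = self._sessions.get(k)
        if s is None:
            return None
        now = self._clock()
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created > ABSOLUTE_TIMEOUT:
            del self._sessions[k]
            return None
        s.last_seen = now
        return s.user

    def logout(self, token: str) -> None:
        """Explicit invalidation: the token must never work again after this."""
        self._sessions.pop(_key(token), None)

    def revoke_user(self, user: str) -> int:
        """Password change / admin lockout: kill every session of the user."""
        doomed = [k for k, s in self._sessions.items() if s.user == user]
        for k in doomed:
            del self._sessions[k]
        return len(doomed)


if __name__ == "__main__":
    fake_now = [1_700_000_000.0]
    store = SessionStore(clock=lambda: fake_now[0])
    token = store.create("admin")
    store.logout(token)
    print("replay after logout accepted:", store.validate(token) is not None)
```

The design point is that validity is decided by server-side state, so revocation is immediate. Purely stateless tokens (a signed value the server never records) can only expire by time, which is exactly the situation in which an old token stays usable until its clock runs out.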
CVE-2024-33509 CVSS: 4.8
Fortinet FortiWeb is vulnerable to a man-in-the-middle attack, caused by a lack of certificate validation on the client side of connections it initiates. An attacker positioned on the network path could exploit this vulnerability to interpose on the communication channel between the endpoints and obtain sensitive information.
Impact
- Gain Access
- Privilege Escalation
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-27785
- CVE-2024-27783
- CVE-2024-23663
- CVE-2024-26015
- CVE-2024-27782
- CVE-2024-33509
Affected Vendors
- Fortinet
Affected Products
- Fortinet FortiAIOps 2.0.0
- Fortinet FortiExtender 7.0.4
- Fortinet FortiExtender 7.2.4
- Fortinet FortiExtender 7.4.2
- Fortinet FortiOS 7.2.0
- Fortinet FortiOS 7.4.3
- Fortinet FortiProxy 7.2.0
- Fortinet FortiProxy 7.4.0
- Fortinet FortiProxy 7.4.3
- Fortinet FortiWeb 7.2.1
Remediation
Refer to the FortiGuard advisory for each CVE for patch, upgrade, or suggested workaround information.