
Firmware Upgrade Required for Certain Fortinet Devices

2025-01-15 00:17:58

At Logically, we are committed to promoting cybersecurity awareness and safety within the broader community. We wish to inform you about a recently identified security vulnerability affecting specific Fortinet devices. The issue affects FortiOS (FortiGate) versions 7.0.0 to 7.0.16 and FortiProxy versions 7.0.0 to 7.0.19 and 7.2.0 to 7.2.12, and is cataloged as CVE-2024-55591.

Key Information:
  • Fortinet has acknowledged this vulnerability and urges users to update to patched versions immediately.
  • There are indications that this vulnerability is currently being exploited in the wild.

Potential Impact:

Users of the affected FortiOS or FortiProxy versions could be exposed to security risks. Immediate firmware upgrades are critical to maintain the integrity and security of your network. Because of the nature (unauthorized and unauthenticated access to devices) and severity (CVSSv3 score 9.6) of this vulnerability, remediation should be carried out urgently.

Action Required:

We recommend scheduling a firmware upgrade during a brief maintenance window, which will typically last between 30 and 60 minutes. This update requires a device reboot, which causes temporary network unavailability.

Products with Fixed Software:
  • For FortiOS (FortiGate), please upgrade to version 7.0.17 or above. Logically recommends version 7.2.8 for stability.
  • For FortiProxy, update to version 7.0.20 or 7.2.13, as these are not affected by the vulnerability.
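
To find which devices fall inside the affected ranges listed above, the following added example (not code from Logically or Fortinet) triages an inventory by product and firmware version. The device names, the inventory layout and the `not-listed` label are assumptions made for illustration; `not-listed` only means the version is outside the ranges this advisory states.

```python
import re

# Affected ranges exactly as stated in this advisory (inclusive bounds).
AFFECTED = {
    "fortios": [((7, 0, 0), (7, 0, 16))],
    "fortiproxy": [((7, 0, 0), (7, 0, 19)), ((7, 2, 0), (7, 2, 12))],
}

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract (major, minor, patch) as integers, e.g. from 'v7.0.14,build0601'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(product, version_text):
    """Return 'affected', 'not-listed' or 'unknown' for one device."""
    ranges = AFFECTED.get(product.strip().lower())
    if ranges is None:
        return "unknown"  # product not covered by this advisory
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # unparseable version: check the device by hand
    # Integer tuples compare numerically, so 7.0.9 sorts below 7.0.16
    # (a plain string comparison would get that wrong).
    if any(low <= version <= high for low, high in ranges):
        return "affected"
    return "not-listed"

def triage(inventory):
    """Attach a status to each (name, product, version) row."""
    return [(n, p, v, classify(p, v)) for n, p, v in inventory]

# Constructed sample inventory; names and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("fw-branch-01", "FortiOS", "v7.0.14,build0601"),
    ("fw-branch-02", "FortiOS", "7.0.9"),
    ("fw-hq-01", "FortiOS", "7.0.17"),
    ("proxy-01", "FortiProxy", "7.2.12"),
    ("proxy-02", "FortiProxy", "7.0.20"),
    ("fw-lab-01", "FortiOS", "unknown"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("{:<14}{:<12}{:<20}{}".format(*row))
```

Devices reported as `unknown` should be checked manually rather than assumed safe.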

Next Steps:

For Logically's managed service customers, we have identified and created service tickets for affected devices. You may also contact our Support Help Desk to arrange your firmware upgrade. If you are not a current Logically customer but use the affected Fortinet devices, we urge you to contact your service provider, or you may engage Logically for assistance under billable hours.

For additional details on this CVE, see Fortinet PSIRT advisory FG-IR-24-535.

We appreciate your immediate attention to this matter and thank you for taking proactive steps towards maintaining a secure network environment. Your security is our priority, whether you are a Logically customer or part of the larger digital community.

Conclusion

Security is a shared responsibility, and staying ahead of vulnerabilities is critical to safeguarding your network. By upgrading your devices promptly, you can mitigate risks and maintain a secure environment.

Logically and Fortinet are here to support you through this process, ensuring your systems are patched and secure. If you have questions or need assistance, please contact us to discuss how we can help protect your environment.

We are committed to providing you with the best IT service and security possible.