Fortinet FortiWeb OpenSSH regreSSHion Attack (CVE-2024-6387) (FG-IR-24-258)

critical Nessus Plugin ID 209711

Synopsis

Fortinet Firewall is missing one or more security-related updates.

Description

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-258 advisory.

- A race condition in sshd affecting versions between 8.5p1 and 9.7p1 (inclusive) may allow arbitrary code execution with root privileges. Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. According to OpenSSH, the attack has been tested under lab conditions and requires on average 6-8 hours of continuous connections up to the maximum the server will accept. Exploitation on 64-bit systems is believed to be possible but has not been demonstrated at this time. (CVE-2024-6387)

- A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. (CVE-2024-6387)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

For 7.2.x, upgrade to FortiWeb version 7.2.10 or later. For 7.4.x, upgrade to FortiWeb version 7.4.5 or later. For 7.6.x, upgrade to FortiWeb version 7.6.1 or later.

See Also

https://www.fortiguard.com/psirt/FG-IR-24-258

https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

https://www.openssh.com/txt/release-9.8

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387

Plugin Details

Severity: Critical

ID: 209711

File Name: fortiweb_FG-IR-24-258.nasl

Version: 1.4

Type: local

Family: Firewalls

Published: 10/25/2024

Updated: 5/13/2025

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-6387

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Critical

Base Score: 9.2

Threat Score: 8.2

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/a:fortinet:fortiweb

Required KB Items: Settings/ParanoidReport, Host/Fortigate/model, Host/Fortigate/version

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/9/2024

Reference Information

CVE: CVE-2024-6387