Fortinet FortiOS Missing Authentication Vulnerability in CAPWAP Daemon Allowing Unauthorized Code Execution

A vulnerability exists in Fortinet FortiOS versions 7.6.0 to 7.6.3, 7.4.0 to 7.4.8, 7.2.0 to 7.2.11, 7.0.0 to 7.0.17, all versions of FortiOS 6.4, and FortiOS 6.2.9 to 6.2.17. This vulnerability, classified as missing authentication for critical functions, allows local unauthenticated attackers on the same local IP subnet to execute unauthorized code or commands. The exploitation involves sending specially crafted packets, and successful attacks require the targeted FortiGate device to be configured in a specific, non-default way.

Impact

Exploitation of this vulnerability allows for unauthorized code execution or command execution on the affected device.

Remediation

Users are advised to upgrade Fortinet FortiOS to the following versions: FortiOS 7.6 to 7.6.4 or above, FortiOS 7.4 to 7.4.9 or above, FortiOS 7.2 to 7.2.12 or above, FortiOS 7.0 to 7.0.18 or above, FortiOS 6.4 to a fixed release, and FortiOS 6.2 to a fixed release. Consult the Fortinet upgrade tool for guidance. As an additional step, disable security fabric access on the interface, restrict management to legitimate devices via the WiFi Controller, and remove inter-controller-peer elements from the configuration. Be aware that if auto-auth-extension-device is enabled, any device can be authorized, potentially allowing exploitation without administrative rights.