PT-2025-20903 · Fortinet · FortiVoice +4

Published 2025-05-13 · Updated 2025-07-17 · CVE-2025-32756

CVSS v2.0: 10 (Vector AV:N/AC:L/Au:N/C:C/I:C/A:C)

Name of the Vulnerable Software and Affected Versions:

FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10

FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5

FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8

FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6

FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions

Description:

A stack-based buffer overflow vulnerability in Fortinet products allows a remote unauthenticated attacker to execute arbitrary code or commands by sending HTTP requests with specially crafted hash cookies. The vulnerability is being actively exploited in the wild and affects multiple Fortinet products, including FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. The estimated number of potentially affected devices worldwide is not specified. Threat actors are exploiting this vulnerability to execute arbitrary code, scan networks, steal credentials, and wipe crash logs.

Recommendations:

For each affected version, apply the security updates released by Fortinet to patch the critical remote code execution vulnerability.

As a temporary workaround, consider disabling the HTTP admin interface until a patch is available.

Restrict access to the vulnerable modules to minimize the risk of exploitation.

Avoid using the `AuthHash` cookie in the affected API endpoints until the issue is resolved.
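The advisory ties exploitation to HTTP requests carrying a crafted hash cookie. While the patch is being rolled out, a defender can at least look for requests whose `AuthHash` cookie does not resemble a legitimate value. The following is an added example, not code from the advisory or from Fortinet: it scans access-log lines in a constructed format, extracts the `AuthHash` cookie and flags values that are overly long or contain non-hex characters. The expected hash format (hex, at most 64 characters) and the log layout are assumptions for illustration; tune them to what your own devices actually emit.

```python
"""Flag HTTP requests carrying an anomalous AuthHash cookie in access logs."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import unquote

# Assumptions (not from the advisory): a legitimate AuthHash value is a
# hex string of at most 64 characters. Adjust both to your deployment.
EXPECTED_HASH_CHARS = re.compile(r"^[0-9a-fA-F]+$")
MAX_HASH_LEN = 64

# Constructed log format: client_ip method path status "raw Cookie header"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) "(?P<cookie>[^"]*)"$'
)


@dataclass
class Finding:
    client_ip: str
    path: str
    reason: str
    value_len: int


def parse_cookies(header: str) -> dict:
    """Split a raw Cookie header into a name -> value map (values URL-decoded)."""
    cookies = {}
    for part in header.split(";"):
        if "=" not in part:
            continue
        name, _, value = part.strip().partition("=")
        cookies[name.strip()] = unquote(value.strip())
    return cookies


def check_auth_hash(value: str) -> Optional[str]:
    """Return a reason string if the cookie value looks anomalous, else None."""
    if len(value) > MAX_HASH_LEN:
        return f"length {len(value)} exceeds {MAX_HASH_LEN}"
    if not EXPECTED_HASH_CHARS.match(value):
        return "non-hex characters in hash"
    return None


def scan_log(lines) -> List[Finding]:
    """Return one Finding per request whose AuthHash cookie fails the checks."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        value = parse_cookies(m["cookie"]).get("AuthHash")
        if value is None:
            continue  # request did not present the cookie at all
        reason = check_auth_hash(value)
        if reason:
            findings.append(Finding(m["ip"], m["path"], reason, len(value)))
    return findings


# Constructed sample lines: one normal request, one oversized hash,
# one hash with URL-encoded non-hex bytes, one request without the cookie.
SAMPLE_LOG = [
    '10.0.0.5 GET /admin/ 200 "session=abc; AuthHash=0123456789abcdef0123456789abcdef"',
    '203.0.113.7 GET /admin/ 500 "AuthHash=' + "41" * 200 + '"',
    '203.0.113.7 GET /api/v1/ 200 "AuthHash=%41%41%3b%00zz"',
    '10.0.0.9 GET /login 200 "theme=dark"',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.client_ip} {f.path}: {f.reason}")
```

Run against real logs by feeding the file's lines to `scan_log` after adapting `LOG_RE` to the server's log format. A hit is a reason to pull the full request and the device's crash logs, not proof of compromise on its own, since the advisory notes that attackers also wipe crash logs after exploitation.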

Tags: Exploit, Fix, RCE, Stack Overflow, Memory Corruption


Related Identifiers

BDU:2025-05439
CVE-2025-32756

Affected Products

FortiCamera
FortiMail
FortiNDR
FortiRecorder
FortiVoice