Uncovering Zero-Day Vulnerability CVE-2024-50562 in Fortinet Web Client Using CERT-X-GEN
Overview
One of the leading organizations in the medical and healthcare artificial intelligence sector partnered with Bugb Technologies for a comprehensive penetration testing and vulnerability assessment. The organization had implemented Fortinet Web Client to secure remote access via a Zero Trust model, a critical component for maintaining the privacy and integrity of sensitive healthcare data.
During the assessment, our team uncovered a critical zero-day vulnerability, CVE-2024-50562, in the Fortinet Web Client. The flaw, involving incomplete session termination, left the system susceptible to session hijacking, which could lead to unauthorized access and potential data breaches.
The Challenges
The Fortinet Web Client failed to invalidate session cookies after logout or session expiration, allowing attackers to hijack active sessions.
Exploitation of this vulnerability could grant unauthorized access to sensitive healthcare records and operational systems.
Testing the vulnerability required replicating real-world attack scenarios while maintaining strict adherence to ethical guidelines.
Ensuring timely and responsible reporting to Fortinet while securing the client’s sensitive data during the disclosure process.
Solution Provided by our Experts
Using CERT-X-GEN, Bugb Technologies implemented a template to identify, validate, and responsibly disclose this critical vulnerability:
Conducted a detailed scan of the IP address provided by the client using CERT-X-GEN’s advanced recon tools. Mapped all accessible endpoints and services running on the client’s Fortinet Web Client infrastructure.
Leveraged CERT-X-GEN’s exploit generation capabilities to identify session management flaws. Discovered persistent session cookies that allowed unauthorized reuse after session expiration or logout.
Created and executed custom exploits using CERT-X-GEN to simulate session hijacking scenarios. Validated the exploit's efficacy by successfully gaining unauthorized access to the web client interface.
Determined that this vulnerability affected multiple versions of Fortinet Web Client, including FortiOS v7.2.8. Quantified potential risks, including unauthorized access to sensitive healthcare data and operational disruption.
Submitted a detailed vulnerability report, including PoC, exploit details, and recommendations for remediation. Worked closely with Fortinet’s security team to triage and verify the issue, facilitating the assignment of CVE-2024-50562.
The Results we Achieved
Verified the session hijacking vulnerability across all tested endpoints without false positives.
Recognition as Responsible Disclosure Contributors
Collaborated with Fortinet to ensure the vulnerability was patched in upcoming versions of FortiOS (7.6.1 and 7.4.6).
Fortinet recognized Bugb Technologies for reporting the vulnerability under responsible disclosure.
Enabled the client to secure their Fortinet infrastructure, significantly mitigating the risk of unauthorized access.
$2M in Incident Response and Remediation Costs Saved.
Benefits
100%
Accuracy in Vulnerability Detection
$50M
in Data Breach Costs Avoided