Fortinet Critical Bug – Quick Details on the RCE Vulnerability

Fortinet
Latest Threats Security , , , , ,

Fortinet Critical Bug – Quick Details on the RCE Vulnerability

Fortinet Critical Bug – A new Remote Code Execution (RCE) bug in Fortinet‘s FortiOS, identified as CVE-2024-21762, has been confirmed to be actively exploited. This article provides a comprehensive analysis of the issue, the disclosures surrounding it, and its current status.

CVE-2024-21762 is a severe out-of-bounds write vulnerability discovered in Fortinet’s FortiOS and FortiProxy products. This flaw, with a CVSS score of 9.6, poses a significant risk of remote code execution (RCE) by allowing unauthenticated attackers to execute arbitrary code or commands via specially crafted HTTP requests.

The vulnerability resides in the SSL VPN functionality of affected products, making them susceptible to exploitation by threat actors. Fortinet has warned that this flaw is potentially being exploited in the wild. More detailed information can be found here.

Disclosures on Fortinet Critical Bug

On February 8, Fortinet published an advisory (FG-IR-24-015) to address this critical flaw in its network operating system, FortiOS. However, Fortinet has not shared any specifics about in-the-wild exploitation, nor has it shared any information about who reported the flaw as of February 9. This lack of clarity has led to some confusion in the cybersecurity community.

Status of the Fortinet Issue

Fortinet has released patches for several versions of FortiOS to address CVE-2024-21762. If patching is not feasible at this time, organizations are advised to disable SSL VPN functionality until then. Fortinet’s advisory warns that simply disabling Web mode is “NOT a valid workaround”.

Organizations utilizing FortiOS versions ranging from 6.0 to 7.4 and FortiProxy products are vulnerable to CVE-2024-21762. Notably, FortiOS 7.6 remains unaffected by this vulnerability. If your organization relies on any of the impacted versions, it’s crucial to prioritize patching or implement recommended workarounds promptly.

The National Vulnerability Database (NVD) lists the following affected versions of FortiOS and FortiProxy:

  • FortiOS 7.4.0 to 7.4.2
  • FortiOS 7.2.0 to 7.2.6
  • FortiOS 7.0.0 to 7.0.13
  • FortiOS 6.4.0 to 6.4.14
  • FortiOS 6.2.0 to 6.2.15
  • FortiOS 6.0.0 to 6.0.17
  • FortiProxy 7.2.0 to 7.4.2
  • FortiProxy 7.2.0 to 7.2.8
  • FortiProxy 7.0.0 to 7.0.14
  • FortiProxy 2.0.0 to 2.0.13
  • FortiProxy 1.2.0 to 1.2.13
  • FortiProxy 1.1.0 to 1.1.6
  • FortiProxy 1.0.0 to 1.0.7

Conclusion

The existence of active exploitation underscores the urgency of addressing this vulnerability to prevent potential compromise and protect sensitive data. Organizations must remain vigilant and proactive in their security posture to mitigate the risks associated with this vulnerability. It is imperative for organizations to identify and prioritize patching vulnerable systems promptly.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it

Share this content:

Tag

Related Posts

Post Comment