Fortinet Raises Alarm Over New Actively Exploited RCE Vulnerability in FortiOS SSL VPN.
Fortinet has recently disclosed a critical security flaw in its FortiOS SSL VPN, identified as CVE-2024-21762. This vulnerability, with a CVSS score of 9.6, allows for the execution of arbitrary code and commands. Specifically, it is an out-of-bounds write vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests.
Fortinet has acknowledged that this issue is potentially being exploited in the wild, although further specifics about the attacks remain undisclosed.
“An out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests,” the company said in a bulletin released Thursday.
The development comes as Fortinet issued patches for CVE-2024-23108 and CVE-2024-23109, impacting FortiSIEM supervisor, allowing a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.
Earlier this week, the Netherlands government revealed a computer network used by the armed forces was infiltrated by Chinese state-sponsored actors by exploiting known flaws in Fortinet FortiGate devices to deliver a backdoor called COATHANGER.
The company, in a report published this week, divulged that N-day security vulnerabilities in its software, such as CVE-2022-42475 and CVE-2023-27997, are being exploited by multiple activity clusters to target governments, service providers, consultancies, manufacturing, and large critical infrastructure organizations.
Previously, Chinese threat actors have been linked to the zero-day exploitation of security flaws in Fortinet appliances to deliver a wide range of implants, such as BOLDMOVE, THINCRUST, and CASTLETAP.
The following table includes the list of the impacted versions and the available versions that solve the issue.
| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.6 | Not affected | Not Applicable |
| FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiOS 6.2 | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above |
| FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |
Conclusion
It’s important to stay vigilant and apply the necessary patches to protect against potential exploitation. Additionally, Fortinet has also issued patches for other vulnerabilities impacting FortiSIEM supervisor, emphasizing the importance of timely updates in maintaining security.
Remember to keep your systems up-to-date and follow best practices to safeguard against security risks!
You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.
Share this content:
Post Comment