The cybersecurity community is on high alert as researchers unveil a dire situation involving Fortinet’s FortiOS. A critical vulnerability, CVE-2024-21762, can potentially compromise approximately 150,000 devices globally.
This flaw, particularly affecting FortiOS SSL VPN, has been confirmed to be actively exploited by malicious entities.
In an alarming revelation in February, Fortinet issued warnings about this remote code execution vulnerability, characterized by a staggering CVSS score of 9.6.
Though specifics about the exploitation campaigns remain undisclosed, Fortinet cautioned:
The critical vulnerability CVE-2024-21762 in FortiOS SSL VPN is actively exploited in attacks in the wild.
The essence of this vulnerability lies in an out-of-bounds write issue, which attackers can exploit by dispatching specially crafted HTTP requests towards vulnerable systems.
Fortinet’s advisory advises:
An out-of-bounds write vulnerability (CWE-787) in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.
As a temporary safeguard, the vendor advocates for the disabling of SSL VPN, explicitly mentioning that merely deactivating web mode does not suffice as a valid workaround.
The vulnerability’s pervasive impact is delineated through a list highlighting affected FortiOS versions alongside their respective remediations, ranging from upgrading to newer, secure versions to migrating from obsolete ones entirely.
Echoing the severity of CVE-2024-21762, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) incorporated this vulnerability into its Known Exploited Vulnerabilities (KEV) catalog, underscoring the critical need for immediate action.
Despite Fortinet’s advisories and the inclusion of CVE-2024-21762 in CISA’s KEV catalog, recent scans by the Shadowserver Foundation have unveiled a concerning scenario.
Emphasizing the urgency for affected organizations to implement the recommended security measures without delay, the researchers revealed:
Nearly 150,000 devices are still potentially impacted by the issue.
This situation is a stark reminder of the relentless threats in the cyber landscape, urging organizations to stay vigilant, promptly apply security updates, and consider additional protective measures, such as utilizing the best VPN to enhance security postures.
