Critical Fortinet flaw may impact 150,000 exposed devices

A serious Fortinet bug could affect 150,000 devices that are exposed.

Approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are susceptible to CVE-2024-21762, a major security flaw that permits code execution without authentication, according to public web scans, as reported on BleepingComputer.

The problem is an out-of-bounds write vulnerability that can be taken advantage of by sending susceptible instances specially constructed HTTP requests. The company suggests turning off SSL VPN as a temporary fix.

“A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.” reads the advisory.

“Workaround : disable SSL VPN (disable webmode is NOT a valid workaround). Note: This is potentially being exploited in the wild.”

Due to the fact that public platforms do not show such activity or the vulnerability is being exploited by more sophisticated adversaries in certain attacks, the details of the threat actors actively exploiting CVE-2024-21762 are currently limited. A day after Fortinet’s advisory, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed active exploitation of the vulnerability by adding it to its KEV catalog.

A day after Fortinet’s advisory, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed active exploitation of the vulnerability by adding it to its KEV catalog.

Businesses can use a straightforward Python script created by researchers from the offensive security firm BishopFox to determine whether their SSL VPN networks are susceptible to this problem.

The operating system from Fortinet, known as FortiOS, has security capabilities like firewalling, VPN services, intrusion prevention (IPS), and defense against denial-of-service (DoS) assaults.

It provides visibility and control, centralized network administration, and uniform deployment and enforcement of security rules across all Fortinet Security Fabric devices, including firewalls, access points, switches, and network access control products.

FortiProxy is a safe online proxy that can guard against DNS- and web-based attacks as well as data loss. It combines client browser isolation, intrusion protection, and antivirus software, reports Bleeping Computer.

incident response solution for cloud environment: challenges and solutions. Previous post Incident Response in the Cloud: Challenges and Solutions