Fortinet warns of critical FortiOS SSL VPN vulnerability under active exploitation

Critical FortiOS SSL VPN Vulnerability

Fortinet has revealed a new critical security flaw in FortiOS SSL VPN that it says is likely to be exploited in the wild.

The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows execution of arbitrary code and commands.

“An out-of-bounds write vulnerability [CWE-787] in FortiOS allows an unauthenticated, remote attacker to execute arbitrary code or commands via specially crafted HTTP requests,” the company said in a bulletin published Thursday.

It further acknowledged that the issue “may be exploited in the wild,” without providing additional details on how it is being weaponized and by whom.

The following versions are affected, along with the release that fixes each branch. FortiOS 7.6 is not affected.

  • FortiOS 7.4 (versions 7.4.0 through 7.4.2) – Upgrade to 7.4.3 or later
  • FortiOS 7.2 (versions 7.2.0 through 7.2.6) – Upgrade to 7.2.7 or later
  • FortiOS 7.0 (versions 7.0.0 through 7.0.13) – Upgrade to 7.0.14 or later
  • FortiOS 6.4 (versions 6.4.0 through 6.4.14) – Upgrade to 6.4.15 or later
  • FortiOS 6.2 (versions 6.2.0 through 6.2.15) – Upgrade to 6.2.16 or later
  • FortiOS 6.0 (all versions) – Migrate to a fixed release
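As a practical aid for triaging an estate of FortiGate devices against the table above, here is an added example (not Fortinet's tooling and not part of the original bulletin) that parses a FortiOS version string and reports whether it falls in one of the listed affected ranges and which release the advisory points to. The ranges are copied from the list on this page; the version-string formats it accepts (bare `7.4.1`, `v7.4.1`, or the `FortiOS 7.4.1 build2463` style) are the author's assumption about what an inventory export might contain.

```python
"""Check FortiOS version strings against the CVE-2024-21762 affected ranges.

Added example. The branch table below is transcribed from the advisory
text quoted on this page; everything else (function names, accepted input
formats) is an assumption made for illustration.
"""
import re
from typing import NamedTuple, Optional, Tuple

Version = Tuple[int, int, int]


class Branch(NamedTuple):
    first: Version            # first affected version on this branch
    last: Optional[Version]   # last affected version; None = whole branch affected
    fixed: Optional[str]      # first fixed release; None = no fix, migrate


# Affected ranges as listed in the advisory (page data), keyed by major.minor.
AFFECTED_BRANCHES = {
    (7, 4): Branch((7, 4, 0), (7, 4, 2), "7.4.3"),
    (7, 2): Branch((7, 2, 0), (7, 2, 6), "7.2.7"),
    (7, 0): Branch((7, 0, 0), (7, 0, 13), "7.0.14"),
    (6, 4): Branch((6, 4, 0), (6, 4, 14), "6.4.15"),
    (6, 2): Branch((6, 2, 0), (6, 2, 15), "6.2.16"),
    (6, 0): Branch((6, 0, 0), None, None),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract the first major.minor.patch triple from an inventory string.

    Accepts '7.4.1', 'v7.4.1' or 'FortiOS 7.4.1 build2463' (assumed formats).
    Raises ValueError when no three-part version is present, so a malformed
    inventory row is reported rather than silently treated as unaffected.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no major.minor.patch version found in {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def assess(version_text: str) -> Tuple[bool, str]:
    """Return (affected, advice) for one device's FortiOS version string."""
    version = parse_version(version_text)
    branch = AFFECTED_BRANCHES.get(version[:2])
    if branch is None:
        # Branches not in the advisory table, e.g. 7.6, are not listed as affected.
        return False, "branch not listed as affected"
    if branch.last is None:
        # 6.0: every release on the branch is affected and none is fixed.
        return True, "Migrate to a fixed release"
    if branch.first <= version <= branch.last:
        return True, f"Upgrade to {branch.fixed} or later"
    return False, f"already at or above {branch.fixed}"


def triage(inventory):
    """Assess each (hostname, version_text) pair; returns a list of result rows."""
    rows = []
    for hostname, version_text in inventory:
        try:
            affected, advice = assess(version_text)
        except ValueError as exc:
            affected, advice = None, f"could not parse: {exc}"
        rows.append((hostname, version_text, affected, advice))
    return rows


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [
        ("fw-edge-01", "FortiOS 7.4.2 build2571"),
        ("fw-edge-02", "v7.4.3"),
        ("fw-branch-07", "6.0.15"),
        ("fw-lab-01", "7.6.0"),
        ("fw-legacy-03", "unknown"),
    ]
    for row in triage(sample):
        print(f"{row[0]:14} {row[1]:26} affected={row[2]!s:5} {row[3]}")
```

Only the branch table carries advisory data; if a later bulletin changes a range or adds a branch, that is the one place to edit. Rows whose version cannot be parsed are reported as `None` rather than dropped, so they stay visible in the triage output.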

The development comes after Fortinet issued patches for CVE-2024-23108 and CVE-2024-23109, which impact the FortiSIEM supervisor and allow an unauthenticated, remote attacker to execute unauthorized commands via crafted API requests.

Earlier this week, the Dutch government revealed that a computer network used by the armed forces had been infiltrated by Chinese state-sponsored actors by exploiting known flaws in Fortinet FortiGate devices to create a backdoor called COATHANGER.

The company disclosed in a report published this week that N-day security vulnerabilities in its software, such as CVE-2022-42475 and CVE-2023-27997, are being exploited by multiple activity clusters to target governments, service providers, consulting firms, manufacturing, and large organizations with critical infrastructure.

Previously, Chinese threat actors have been linked to the zero-day exploitation of security flaws in Fortinet devices to deliver a wide range of implants such as BOLDMOVE, THINCRUST and CASTLETAP.

It also follows an advisory from the US government about a Chinese nation-state group called Volt Typhoon, which has targeted critical infrastructure in the country to maintain undetected long-term persistence, taking advantage of known and zero-day flaws in networking equipment such as that from Fortinet, Ivanti Connect Secure, NETGEAR, Citrix and Cisco for initial access.

China, which has denied the charges, has accused the US of carrying out its own cyber attacks.

If anything, China and Russia’s campaigns underscore the growing threat that Internet-facing edge devices have faced in recent years, because such devices typically cannot run endpoint detection and response (EDR) agents, making them ripe for exploitation.

“These attacks demonstrate the use of already resolved N-day vulnerabilities and subsequent [living-off-the-land] techniques, which are highly indicative of the behavior of the cyber actor or group of actors known as Volt Typhoon, which has used these methods to target critical infrastructure and possibly other adjacent actors,” Fortinet said.
