Fortinet Warns Critical FortiOS SSL VPN Vulnerability Under Active Exploitation

February 09, 2024 | Newsroom | Zero Day Vulnerability / Network Security

Critical FortiOS SSL VPN Vulnerability

Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it says is likely being exploited in the wild.

The weakness, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands.

“An out-of-bounds write vulnerability (CWE-787) in FortiOS could allow a remote untrusted attacker to execute arbitrary code or commands via specially crafted HTTP requests,” the company says in a bulletin released Thursday.

It further acknowledged that the issue was “potentially exploited in the wild,” without providing further details on how it was being used and by whom.


The following versions are affected by the vulnerability. It should be noted that FortiOS 7.6 is not affected.

  • FortiOS 7.4 (version 7.4.0 to 7.4.2) – Upgrade to 7.4.3 or later
  • FortiOS 7.2 (versions 7.2.0 to 7.2.6) – Upgrade to 7.2.7 or later
  • FortiOS 7.0 (versions 7.0.0 to 7.0.13) – Upgrade to 7.0.14 or later
  • FortiOS 6.4 (versions 6.4.0 to 6.4.14) – Upgrade to 6.4.15 or later
  • FortiOS 6.2 (versions 6.2.0 to 6.2.15) – Upgrade to 6.2.16 or later
  • FortiOS 6.0 (all versions) – Migrate to a fixed release
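The version list above is the kind of thing a defender ends up checking across an inventory of appliances, and the comparisons are easy to get wrong when done by eye (7.4.2 is affected, 7.4.3 is fixed, 7.4.10 sorts after 7.4.2, and every 6.0 release needs a migration rather than a point upgrade). The following script is an added example, not code from the article or from Fortinet: it parses a FortiOS version string into a numeric tuple, matches it against the affected ranges exactly as the bulletin lists them, and reports the remediation for each device. The inventory at the bottom is constructed sample data, and the hostnames and version formats are assumptions.

```python
# Added example (not from the article or Fortinet): classify FortiOS versions
# against the affected ranges published for CVE-2024-21762.
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# (branch, first affected, last affected or None for "all releases", fixed release or None)
# Ranges copied from the bulletin's affected-version list.
AFFECTED: List[Tuple[str, Version, Optional[Version], Optional[Version]]] = [
    ("7.4", (7, 4, 0), (7, 4, 2), (7, 4, 3)),
    ("7.2", (7, 2, 0), (7, 2, 6), (7, 2, 7)),
    ("7.0", (7, 0, 0), (7, 0, 13), (7, 0, 14)),
    ("6.4", (6, 4, 0), (6, 4, 14), (6, 4, 15)),
    ("6.2", (6, 2, 0), (6, 2, 15), (6, 2, 16)),
    ("6.0", (6, 0, 0), None, None),  # all 6.0 releases; no fixed 6.0 build, migrate instead
]


def parse_version(text: str) -> Version:
    """Turn strings such as 'v7.4.2', '7.4.2', or '7.4.2 build2571' into (7, 4, 2).

    Anything that is not three dot-separated integers is rejected rather than
    guessed at, so a malformed inventory entry surfaces as an error instead of
    silently being treated as "not affected".
    """
    token = text.strip().split()[0].lstrip("vV")
    parts = token.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


def assess(version_text: str) -> Dict[str, object]:
    """Return whether a version falls in an affected range and what to do about it."""
    v = parse_version(version_text)
    for branch, first, last, fixed in AFFECTED:
        in_branch = v[:2] == first[:2]
        # Numeric tuple comparison handles 7.4.10 > 7.4.2 correctly; string
        # comparison would not.
        in_range = in_branch and v >= first and (last is None or v <= last)
        if in_range:
            action = f"upgrade to {fmt(fixed)} or later" if fixed else "migrate to a fixed release"
            return {"version": version_text, "affected": True, "branch": branch, "action": action}
    return {"version": version_text, "affected": False, "branch": None,
            "action": "no action required for CVE-2024-21762"}


def triage(inventory: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (host, action) pairs for every device that still needs remediation."""
    results = []
    for host, version in inventory.items():
        verdict = assess(version)
        if verdict["affected"]:
            results.append((host, str(verdict["action"])))
    return results


# Constructed sample inventory; hostnames and build strings are made up.
SAMPLE_INVENTORY = {
    "fw-branch-01": "v7.4.2 build2571",
    "fw-branch-02": "7.4.3",
    "fw-dc-01": "7.0.13",
    "fw-legacy-01": "6.0.12",
    "fw-lab-01": "7.6.0",
}

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY):
        print(f"{host}: {action}")
```

The script deliberately keys each range on its major.minor branch before comparing the patch number, so a build like 7.4.10 is still recognised as a 7.4 release, and it raises on unparseable input rather than defaulting to "safe"; a silent parse failure is the one outcome that must not happen in a remediation check.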

The development comes as Fortinet issues patches for CVE-2024-23108 and CVE-2024-23109, which affect the FortiSIEM supervisor and allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.

Earlier this week, the government of the Netherlands revealed that a computer network used by the armed forces was infiltrated by state-sponsored actors in China, who exploited known flaws in Fortinet FortiGate devices to deliver a backdoor called COATHANGER.

The company, in a report published this week, revealed that N-day security vulnerabilities in its software, such as CVE-2022-42475 and CVE-2023-27997, were exploited by several activity groups to target governments, service providers, consultants, manufacturing, and large critical infrastructure organizations.

In the past, Chinese threat actors have been involved in zero-day exploits of security flaws in Fortinet appliances to deliver a wide range of implants, such as BOLDMOVE, THINCRUST, and CASTLETAP.

It also follows an advisory from the US government regarding a China-linked nation-state group named Volt Typhoon, which targets the country’s critical infrastructure for long-term undetected access by exploiting known and zero-day flaws in networking equipment such as that from Fortinet, Ivanti Connect Secure, NETGEAR, Citrix, and Cisco for initial access.


China has denied the allegations, accusing the US of carrying out its own cyber attacks.

If anything, the campaigns carried out by China and Russia highlight the growing threat that internet-facing devices have faced in recent years due to the fact that such technologies lack the support of endpoint detection and response (EDR), which makes them ripe for abuse.

“These attacks show the use of previously resolved N-day vulnerabilities and subsequent (living-off-the-land) methods, which reflect the behavior used by the cyber actor or group of actors known as Volt Typhoon, has been created using these methods to target critical infrastructure and potentially other nearby actors,” Fortinet says.
