Fortinet has issued a warning about a new critical remote code execution vulnerability in its FortiOS SSL VPN, which is likely being exploited in cyberattacks. The vulnerability, known as CVE-2024-21762, has a severity rating of 9.6. It is an out-of-bounds write vulnerability that enables unauthenticated attackers to execute remote code through malicious requests.
To rectify this issue, Fortinet has advised users to upgrade to the latest version of their software according to a provided table. For those who are unable to apply these patches, Fortinet suggests disabling the SSL VPN on their FortiOS devices as a mitigation strategy.
The advisory from Fortinet does not provide any information regarding the exploitation methods of the vulnerability or the identity of the individual or group who discovered it. Alongside CVE-2024-21762, other vulnerabilities were disclosed today, including CVE-2024-23113 (rated as Critical/9.8), CVE-2023-44487 (rated as Medium), and CVE-2023-47537 (also rated as Medium). However, these vulnerabilities have not been marked as being exploited in the wild.
Fortinet vulnerabilities are frequently targeted by threat actors aiming to infiltrate corporate networks for ransomware attacks and cyber espionage. Recently, Fortinet revealed that the Chinese state-sponsored threat group known as Volt Typhoon targeted FortiOS vulnerabilities to deploy a custom malware named COATHANGER. This custom remote access trojan (RAT) is designed to infect Fortigate network security appliances and was recently implicated in attacks on the Dutch Ministry of Defence.
Given the high severity of the recently disclosed CVE-2024-21762 vulnerability and its potential for exploitation in attacks, it is strongly recommended to update devices as soon as possible.