Critical Vulnerability in Fortinet Systems Could Affect 150,000 Devices

March 8, 2024

A severe security vulnerability, CVE-2024-21762, has been identified in Fortinet FortiOS and FortiProxy secure web gateway systems, potentially impacting approximately 150,000 devices. This information comes from scans conducted on the public web. The critical security issue allows for the execution of code without authentication.

The United States' Cyber Defense Agency CISA confirmed last month that this flaw is being actively exploited, and it has been added to its Known Exploited Vulnerabilities (KEV) catalog. Despite Fortinet addressing CVE-2024-21762 nearly a month ago, The Shadowserver Foundation announced that it discovered almost 150,000 vulnerable devices on Thursday.

According to Piotr Kijewski from Shadowserver, their scans only check for vulnerable versions, meaning the actual number of affected devices could be lower if administrators have applied mitigations instead of upgrading. CVE-2024-21762, which has a 9.8 severity score as per NIST, can be exploited by a remote attacker by sending specially crafted HTTP requests to vulnerable machines.

Shadowserver data reveals that the majority of vulnerable devices, over 24,000, are located in the United States, followed by India, Brazil, and Canada. Information regarding threat actors actively exploiting CVE-2024-21762 is currently scarce, as public platforms are not showing such activity or the vulnerability is being leveraged in select attacks by more sophisticated adversaries.

The Cybersecurity and Infrastructure Security Agency (CISA) confirmed active exploitation of the vulnerability a day after Fortinet's advisory by adding it to its KEV catalog. Companies can verify if their SSL VPN systems are susceptible to this issue by running a simple Python script developed by researchers at offensive security company BishopFox.

FortiOS, Fortinet's operating system, includes security features such as protection against denial-of-service (DoS) attacks, intrusion prevention (IPS), firewall, and VPN services. It powers all Fortinet Security Fabric devices, ranging from firewalls to access points, switches, and network access control products, providing visibility and control, centralized management across the network, and consistent deployment and enforcement of security policies.

FortiProxy is a secure web proxy solution that provides protection against web and DNS-based threats and data loss. It incorporates an antivirus, intrusion prevention, and client browser isolation.

Related News

• Active Exploitation of New Fortinet RCE Vulnerability Confirmed by CISA
• Critical Remote Code Execution Vulnerability Detected in Fortinet's SSL VPN

Latest News

• CISA Highlights Active Exploitation of JetBrains TeamCity Software Vulnerability
• Cisco Addresses High-Severity Vulnerabilities in its VPN Product
• CISA Lists Apple iOS and iPadOS Memory Corruption Bugs in its Known Exploited Vulnerabilities Catalog
• Massive Exploitation of TeamCity Auth Bypass Vulnerability Leads to Creation of Admin Accounts
• Widespread Exploitation of Critical TeamCity Flaw to Create Admin Accounts