Critical Vulnerability in Fortinet Systems Could Affect 150,000 Devices

March 8, 2024

A severe security vulnerability, CVE-2024-21762, has been identified in Fortinet FortiOS and FortiProxy secure web gateway systems, potentially impacting approximately 150,000 devices. This information comes from scans conducted on the public web. The critical security issue allows for the execution of code without authentication.

The United States' Cyber Defense Agency CISA confirmed last month that this flaw is being actively exploited, and it has been added to its Known Exploited Vulnerabilities (KEV) catalog. Despite Fortinet addressing CVE-2024-21762 nearly a month ago, The Shadowserver Foundation announced that it discovered almost 150,000 vulnerable devices on Thursday.

According to Piotr Kijewski from Shadowserver, their scans only check for vulnerable versions, meaning the actual number of affected devices could be lower if administrators have applied mitigations instead of upgrading. CVE-2024-21762, which has a 9.8 severity score as per NIST, can be exploited by a remote attacker by sending specially crafted HTTP requests to vulnerable machines.

Shadowserver data reveals that the majority of vulnerable devices, over 24,000, are located in the United States, followed by India, Brazil, and Canada. Information regarding threat actors actively exploiting CVE-2024-21762 is currently scarce, as public platforms are not showing such activity or the vulnerability is being leveraged in select attacks by more sophisticated adversaries.

The Cybersecurity and Infrastructure Security Agency (CISA) confirmed active exploitation of the vulnerability a day after Fortinet's advisory by adding it to its KEV catalog. Companies can verify if their SSL VPN systems are susceptible to this issue by running a simple Python script developed by researchers at offensive security company BishopFox.

FortiOS, Fortinet's operating system, includes security features such as protection against denial-of-service (DoS) attacks, intrusion prevention (IPS), firewall, and VPN services. It powers all Fortinet Security Fabric devices, ranging from firewalls to access points, switches, and network access control products, providing visibility and control, centralized management across the network, and consistent deployment and enforcement of security policies.

FortiProxy is a secure web proxy solution that provides protection against web and DNS-based threats and data loss. It incorporates an antivirus, intrusion prevention, and client browser isolation.

Related News

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.