Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation

February 9, 2024

Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild.

The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands.

“An out-of-bounds write vulnerability [CWE-787] in FortiOS could make it possible for a remote unauthenticated attacker to execute arbitrary code or command by using specially crafted HTTP requests,” the company stated in a bulletin released Thursday.

It further acknowledged that the issue is “probably being exploited in the wild,” without providing additional details about how it is being weaponized and by whom.

The following versions are impacted by the vulnerability. It is worth noting that FortiOS 7.6 is not affected.

  • FortiOS 7.4 (versions 7.4.0 through 7.4.2) – Upgrade to 7.4.3 or above
  • FortiOS 7.2 (versions 7.2.0 through 7.2.6) – Upgrade to 7.2.7 or above
  • FortiOS 7.0 (versions 7.0.0 through 7.0.13) – Upgrade to 7.0.14 or above
  • FortiOS 6.4 (versions 6.4.0 through 6.4.14) – Upgrade to 6.4.15 or above
  • FortiOS 6.2 (versions 6.2.0 through 6.2.15) – Upgrade to 6.2.16 or above
  • FortiOS 6.0 (versions 6.0 all versions) – Migrate to a fixed release

The development comes as Fortinet issued patches for CVE-2024-23108 and CVE-2024-23109, impacting FortiSIEM supervisor, allowing a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.

Earlier this week, the Netherlands government revealed that a computer network used by the armed forces was infiltrated by Chinese state-sponsored actors who exploited known flaws in Fortinet FortiGate devices to deliver a backdoor called COATHANGER.

Fortinet, in a report published this week, divulged that N-day security vulnerabilities in its software, such as CVE-2022-42475 and CVE-2023-27997, are being exploited by multiple activity clusters to target governments, service providers, consultancies, manufacturing, and large critical infrastructure organizations.

Previously, Chinese threat actors have been linked to the zero-day exploitation of security flaws in Fortinet appliances to deliver a wide range of implants, such as BOLDMOVE, THINCRUST, and CASTLETAP.

It also follows an advisory from the U.S. government about a Chinese nation-state group dubbed Volt Typhoon, which has targeted critical infrastructure in the country for long-term undiscovered persistence by taking advantage of known and zero-day flaws in networking appliances such as those from Fortinet, Ivanti Connect Secure, NETGEAR, Citrix, and Cisco for initial access.

China, which has denied the allegations, accused the U.S. of conducting its own cyber-attacks.

If anything, the campaigns waged by China and Russia underscore the growing threat faced by internet-facing edge devices in recent years, owing to the fact that such technologies lack endpoint detection and response (EDR) support, making them ripe for abuse.

“These attacks demonstrate the use of previously resolved N-day vulnerabilities and subsequent [living-off-the-land] techniques, which are highly indicative of the behavior used by the cyber actor or group of actors known as Volt Typhoon, which has been using these methods to target critical infrastructure and probably other adjacent actors,” Fortinet stated.

Some parts of this article are sourced from: thehackernews.com
