THREAT LEVEL - HIGH
09-02-2024
New Critical FortiOS SSL VPN Vulnerability Under Active Exploitation
Threat Level Description
Threat Level: High – An attack is highly likely. Additional and sustainable protective security measures reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgments on acceptable risk.
Description
We have observed that a new critical vulnerability in FortiOS SSL VPN, has been identified.
A remote unauthenticated attacker, by exploiting this vulnerability, could achieve remote code execution on affected systems and gain remote access.
The vulnerability, tracked as CVE-2024-21762, is an out-of-bounds write vulnerability in Fortinets’ FortiOS software.
This vulnerability could allow the remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.
Fortinet’s advisory does not provide any details on how the vulnerability is being exploited or who discovered the vulnerability, but it is strongly believed that the vulnerability is being exploited in the wild.
CVE(s)
CVE-2024-21762
Affected Systems
- FortiOS 7.4.0 through 7.4.2
- FortiOS 7.2.0 through 7.2.6
- FortiOS 7.0.0 through 7.0.13
- FortiOS 6.4.0 through 6.4.14
- FortiOS 6.2.0 through 6.2.15
- FortiOS 6.0 all versions
Recommendation(s)
You should proceed and apply all relevant security patches provided by the vendor and/or upgrade to the latest version of FortiOS.
You should understand the importance of security updates, and the urgency with which they should be applied, no matter how large or small your organization is. It is very important to apply an efficient patch management solution and always have enabled an active event security logging and practice event monitoring. To protect the valuable assets of your business and be compliant with the relevant industry regulations requires a comprehensive approach to the management of risk, including Penetration Testing at least annually and upon significant changes.
