Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks.
The flaw (tracked as CVE-2024-21762 / FG-IR-24-015) received a 9.6 severity rating and is an out-of-bounds write vulnerability in FortiOS that allows unauthenticated attackers to gain remote code execution (RCE) via maliciously crafted requests.
To patch the bug, Fortinet recommends upgrading to one of the latest versions based on this table:
| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.6 | Not affected | Not Applicable |
| FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiOS 6.2 | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above |
| FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |
For those unable to apply patches, you can mitigate the flaw by disabling SSL VPN on your FortiOS devices.
Fortinet’s advisory does not provide any details on how the vulnerability is being exploited or who discovered the vulnerability.
This flaw was disclosed today together with CVE-2024-23113 (Critical/9.8 rating), CVE-2023-44487 (Medium), and CVE-2023-47537 (Medium). However, these flaws are not marked as being exploited in the wild.
Threat actors commonly target Fortinet flaws to breach corporate networks for ransomware attacks and cyber espionage.
Yesterday, Fortinet disclosed that Chinese state-sponsored threat actors known as Volt Typhoon targeted FortiOS vulnerabilities to deploy custom malware known as COATHANGER.
This malware is a custom remote access trojan (RAT) designed to infect FortiGate network security appliances and was recently found used in attacks on the Dutch Ministry of Defence.
Due to the high severity of the newly disclosed CVE-2024-21762 flaw and the likelihood of it being exploited in attacks, it is strongly advised that you update your devices as soon as possible.
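To turn the table above into a fleet check, the following added script (not from Fortinet or the advisory) encodes the affected ranges per branch and classifies FortiOS version strings such as those printed by `get system status`; the hostnames and versions in the sample inventory are constructed, and the table values are the only source of truth it uses.

```python
"""Classify FortiOS versions against the CVE-2024-21762 / FG-IR-24-015 table."""
import re

# Affected ranges per branch, copied from the advisory table on this page.
# branch -> (first affected, last affected, first fixed); None = not affected;
# "migrate" = every build on that branch is affected and has no fixed build.
ADVISORY = {
    (7, 6): None,
    (7, 4): ((7, 4, 0), (7, 4, 2), "7.4.3"),
    (7, 2): ((7, 2, 0), (7, 2, 6), "7.2.7"),
    (7, 0): ((7, 0, 0), (7, 0, 13), "7.0.14"),
    (6, 4): ((6, 4, 0), (6, 4, 14), "6.4.15"),
    (6, 2): ((6, 2, 0), (6, 2, 15), "6.2.16"),
    (6, 0): "migrate",
}

# Accepts "7.2.5", "v7.2.5" or "v7.2.5,build1517" (trailing build info ignored).
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Turn a FortiOS version string into a comparable (major, minor, patch) tuple."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(part) for part in match.groups())


def assess(version: str) -> str:
    """Return a verdict string for one device's FortiOS version."""
    ver = parse_version(version)
    branch = ver[:2]
    if branch not in ADVISORY:
        return "unknown branch: check advisory"   # e.g. EOL 5.x, not in the table
    entry = ADVISORY[branch]
    if entry is None:
        return "not affected"
    if entry == "migrate":
        return "affected: migrate to a fixed release"
    first, last, fix = entry
    if first <= ver <= last:                     # tuple comparison is lexicographic
        return f"affected: upgrade to {fix} or above"
    return "patched"


def triage(inventory) -> dict:
    """Map hostname -> verdict for an iterable of (hostname, version) pairs."""
    return {host: assess(ver) for host, ver in inventory}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are placeholders.
    sample = [("fw-edge-01", "v7.2.6,build1575"), ("fw-edge-02", "7.4.3"),
              ("fw-lab", "6.0.12"), ("fw-new", "7.6.0")]
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```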