Fortinet has disclosed a critical vulnerability, CVE-2024-21762, in the SSL VPN component of FortiOS. The flaw, an out-of-bounds write rated 9.6 on the CVSS scale, allows a remote, unauthenticated attacker to execute arbitrary code or commands by sending specially crafted HTTP requests to the SSL VPN service.
CVE-2024-21762 Actively Exploited in the Wild
Fortinet's advisory states that the vulnerability is being exploited in the wild, although the company has not disclosed details of the exploitation method or the actors involved.
The affected branches are FortiOS 7.4, 7.2, 7.0, 6.4, 6.2, and 6.0, and the advisory gives a fixed release for each. FortiOS 7.6 is not affected by CVE-2024-21762. Because the exploit is delivered over HTTP to the SSL VPN listener, any Internet-facing device on an affected release with SSL VPN enabled should be treated as exposed until it is upgraded.
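A fleet-triage helper for the version guidance above, added here as an example rather than code from the article or from Fortinet: it parses the version string a FortiGate prints in `get system status` output, maps it to the affected branch, and reports whether the device is vulnerable, patched, or on an unaffected branch. The per-branch fixed releases in `FIXED_RELEASES` are this example's assumption, taken from Fortinet's advisory as published at the time; verify them against the current advisory before relying on them. The hostnames and status lines in `SAMPLE_INVENTORY` are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Assumption: first fixed release per affected branch, as listed in Fortinet's
# advisory for CVE-2024-21762 at the time of writing. Verify before use.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (7, 4): (7, 4, 3),
    (7, 2): (7, 2, 7),
    (7, 0): (7, 0, 14),
    (6, 4): (6, 4, 15),
    (6, 2): (6, 2, 16),
}
# 6.0 is affected in every release; the advisory's guidance is to migrate.
MIGRATE_BRANCHES = {(6, 0)}
# The article notes 7.6 is unaffected.
NOT_AFFECTED_BRANCHES = {(7, 6)}

# Matches "v7.2.6,build1575" as printed by `get system status`, or a bare "7.2.6".
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_fortios_version(text: str) -> Optional[Version]:
    """Extract (major, minor, patch) from a FortiOS version string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def fmt(v: Version) -> str:
    return ".".join(str(x) for x in v)


def assess_fortios(version_text: str, sslvpn_enabled: bool = True) -> dict:
    """Classify one device against the CVE-2024-21762 version guidance.

    status: vulnerable | patched | not_affected | unknown | unparseable
    exposed: True only when the device is vulnerable AND SSL VPN is enabled,
             since the bug is reached through the SSL VPN HTTP listener.
    """
    ver = parse_fortios_version(version_text)
    if ver is None:
        return {"version": None, "status": "unparseable", "exposed": False,
                "action": "could not parse version; inspect manually"}
    branch = ver[:2]
    if branch in MIGRATE_BRANCHES:
        status, action = "vulnerable", "all releases affected; migrate to a fixed branch"
    elif branch in FIXED_RELEASES:
        fixed = FIXED_RELEASES[branch]
        if ver >= fixed:
            status, action = "patched", "none"
        else:
            status, action = "vulnerable", f"upgrade to {fmt(fixed)} or later"
    elif branch in NOT_AFFECTED_BRANCHES:
        status, action = "not_affected", "none"
    else:
        status, action = "unknown", "branch not covered by the advisory; check vendor guidance"
    exposed = status == "vulnerable" and sslvpn_enabled
    if status == "vulnerable" and not sslvpn_enabled:
        action += " (SSL VPN disabled: reduced exposure, still patch)"
    return {"version": fmt(ver), "status": status, "exposed": exposed, "action": action}


# Constructed sample inventory: (hostname, raw version line, SSL VPN enabled?)
SAMPLE_INVENTORY: List[Tuple[str, str, bool]] = [
    ("fw-edge-01", "Version: FortiGate-100F v7.2.6,build1575,231016 (GA.M)", True),
    ("fw-edge-02", "Version: FortiGate-60F v7.4.3,build2573,240201 (GA.M)", True),
    ("fw-lab-01", "Version: FortiGate-VM64 v7.6.0,build3401,240600 (GA)", True),
    ("fw-branch-07", "Version: FortiGate-40F v6.0.17,build0419,230117 (GA)", False),
]


def triage_inventory(inventory: List[Tuple[str, str, bool]]) -> List[dict]:
    """Run assess_fortios over an inventory, most exposed devices first."""
    rows = []
    for host, line, sslvpn in inventory:
        result = assess_fortios(line, sslvpn)
        result["host"] = host
        rows.append(result)
    rows.sort(key=lambda r: (not r["exposed"], r["status"] != "vulnerable", r["host"]))
    return rows


if __name__ == "__main__":
    for r in triage_inventory(SAMPLE_INVENTORY):
        print(f"{r['host']:14} {r['version'] or '?':8} {r['status']:13} "
              f"exposed={r['exposed']!s:5} {r['action']}")
```

The `exposed` flag separates "runs a vulnerable build" from "reachable through the vulnerable service"; both sets should be patched, but the first is the one to pull from the edge or restrict immediately while the upgrade is scheduled.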
The disclosure comes as Fortinet addresses other issues, including the recently patched CVE-2024-23108 and CVE-2024-23109 in the FortiSIEM supervisor. Those flaws allowed an unauthenticated attacker to execute commands through crafted API requests, another reminder that management and monitoring infrastructure needs the same patch discipline as the edge devices it oversees.
Fortinet Flaws Widely Abused by Threat Actors
The broader pattern of attacks on Fortinet devices is also significant. In a recent incident, Chinese state-sponsored actors gained access to a Netherlands government network by exploiting a known FortiGate flaw, underscoring how persistent these threats are. Reports of N-day vulnerabilities (flaws that have been publicly disclosed and patched but remain exploitable on systems that have not applied the fix) being used by a range of threat actors against critical infrastructure and organizations worldwide add to the concern: a vendor patch does not end the risk until it is deployed.
Chinese threat actors' repeated exploitation of Fortinet vulnerabilities has drawn the attention of the global security community. Implants known as BOLDMOVE, THINCRUST, and CASTLETAP have been tied to earlier campaigns by these actors against FortiOS devices. For CVE-2024-21762 itself, no public attribution has been made; Fortinet has confirmed exploitation without naming the actors responsible.
In response, the U.S. government has issued advisories on groups such as Volt Typhoon, urging organizations to harden their environments against both known and zero-day vulnerabilities. Edge devices such as firewalls and VPN gateways typically cannot run endpoint detection and response (EDR) agents, so a compromise there is harder to detect and an implant can persist unnoticed, which is precisely why these devices are such attractive targets.