A critical security flaw, identified as CVE-2024-21762, has been uncovered in Fortinet’s FortiOS and FortiProxy secure web gateway systems, potentially affecting approximately 150,000 devices worldwide.
The vulnerability permits unauthenticated remote code execution (RCE) through the transmission of specifically crafted HTTP requests to the affected machines.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has verified active exploitation of the flaw and included it in its Known Exploited Vulnerabilities (KEV) catalog.
Federal Civilian Executive Branch (FCEB) agencies are mandated to apply the fixes by February 16, 2024, to safeguard their networks against potential threats.
CVE-2024-21762
The vulnerability impacts various Fortinet security appliances, encompassing versions of FortiOS, FortiProxy, FortiSwitchManager, and FortiAnalyzer.
These devices are frequently employed by organizations to oversee network security, heightening concern due to the potential access it could grant to sensitive information.
According to the FortiGuard Labs’ security advisory, the vulnerability arises from an improper limitation of a pathname to a restricted directory, exploitable by an unauthenticated attacker via the internet, potentially leading to arbitrary code execution on affected devices.
Exploitation has been observed in the wild, emphasizing the urgency of patching. The vulnerability’s severity is highlighted by its high CVSS score, reflecting the ease of exploitation and potential impact. Over 150,000 vulnerable devices have been identified, as per the Shadowserver report.
Fortinet has released patches for the affected versions and urges customers to promptly update their devices to mitigate the risk. The affected versions and corresponding patches are available on Fortinet’s official advisory page.
For users and administrators unsure if their devices are vulnerable, BishopFox has provided a check script named CVE-2024-21762-check on GitHub. This script can determine if a Fortinet device is susceptible to the flaw, facilitating a more efficient response to the threat.
In the interim, Fortinet offers a workaround for those unable to apply the patches immediately. This workaround entails disabling the HTTP/HTTPS administrative interface or limiting IP access to trusted hosts. However, this is temporary, and users are strongly advised to apply the official patches as soon as possible.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment