Fortinet has issued a warning regarding a critical vulnerability found in its FortiOS SSL VPN system, which could be actively exploited by attackers. This vulnerability within Fortinet’s network security solutions poses a significant threat to organizations, as it enables unauthenticated attackers to obtain remote code execution (RCE) capabilities through maliciously crafted requests.
FORTINET VPN RCE VULNERABILITY UNCOVERED
This vulnerability, labeled as CVE-2024-21762 / FG-IR-24-015, presents a significant risk with a CVSS rating of 9.6 due to its susceptibility to exploitation in cyber-attacks. At the core of this alert is an out-of-bounds write vulnerability within the FortiOS system. This flaw enables unauthenticated attackers to execute remote code through carefully crafted requests.
The significant attention surrounding this new vulnerability is amplified by the widespread use of Fortinet networking solutions and the severity of the vulnerability itself. Beyond these factors, Remote Code Execution (RCE) flaws have the potential to result in system compromise and data theft. In more severe cases, they can trigger ransomware or espionage attacks, leading to company-wide cyberattacks, downtimes, data leaks, and associated disruptions.
This critical flaw was disclosed alongside other vulnerabilities, including CVE-2024-23113, which holds an even higher severity rating of 9.8, and two medium-severity flaws, CVE-2023-44487 and CVE-2023-47537. However, unlike CVE-2024-21762, these additional vulnerabilities are not currently identified as actively exploited in the wild.
The disclosure of this vulnerability follows previous incidents where Chinese state-sponsored threats, specifically Volt Typhoon, have exploited FortiOS vulnerabilities. The utilization of custom malware like Coathanger, a remote access trojan (RAT), indicates adversaries’ determination to exploit such vulnerabilities. Notably, this malware has been employed in attacks targeting the Dutch Ministry of Defense, underscoring the significant threat posed by such malicious activity.
Still, as statistics show, the majority of exploitation cases happen after the vulnerability is publicly disclosed. Therehence, the best option will be to patch the flaw as soon as possible. Fortunately, the developer already offers the fixes for CVE-2024-21762.
PATCH AND MITIGATION
Fortinet’s released patch brings affected FortiOS systems up-to-date, effectively addressing the vulnerability and thwarting potential exploitation by attackers. Fortinet advises upgrading according to the following table:
|7.4.0 through 7.4.2
|Upgrade to 7.4.3 or above
|7.2.0 through 7.2.6
|Upgrade to 7.2.7 or above
|7.0.0 through 7.0.13
|Upgrade to 7.0.14 or above
|6.4.0 through 6.4.14
|Upgrade to 6.4.15 or above
|6.2.0 through 6.2.15
|Upgrade to 6.2.16 or above
|6.0 all versions
|Migrate to a fixed release