On February 8, 2024 Fortinet disclosed multiple critical vulnerabilities affecting FortiOS, the operating system that runs on Fortigate SSL VPNs. The critical vulnerabilities include CVE-2024-21762, an out-of-bounds write vulnerability in SSLVPNd that could allow remote unauthenticated attackers to execute arbitrary code or commands on Fortinet SSL VPNs via specially crafted HTTP requests.
According to Fortinet’s advisory for CVE-2024-21762, the vulnerability is “potentially being exploited in the wild.” The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-21762 to their Known Exploited Vulnerabilities (KEV) list as of February 9, 2024, confirming that exploitation has occurred.
Zero-day vulnerabilities in Fortinet SSL VPNs have a history of being targeted by state-sponsored and other highly motivated threat actors. Other recent Fortinet SSL VPN vulnerabilities (e.g., CVE-2022-42475, CVE-2022-41328, and CVE-2023-27997) have been exploited by adversaries as both zero-day and as n-day following public disclosure.
Affected products
FortiOS versions vulnerable to CVE-2024-21762 include:
FortiOS 7.4.0 through 7.4.2
FortiOS 7.2.0 through 7.2.6
FortiOS 7.0.0 through 7.0.13
FortiOS 6.4.0 through 6.4.14
FortiOS 6.2.0 through 6.2.15
FortiOS 6.0 all versions
FortiProxy 7.4.0 through 7.4.2
FortiProxy 7.2.0 through 7.2.8
FortiProxy 7.0.0 through 7.0.14
FortiProxy 2.0.0 through 2.0.13
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
FortiProxy 1.0 all versions
Note: Fortinet’s advisory did not ..
Support the originator by clicking the read the rest link below.
