National Cyber Warfare Foundation (NCWF) Forums


Critical Fortinet FortiOS CVE-2024-21762 Exploited


0 user ratings
2024-02-12 13:31:10
milo
Red Team (CNA)

 - archive -- 
CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet's FortiOS operating system that is known to have been exploited in the wild. Fortinet SSL VPN vulnerabilities are frequent targets for state-sponsored and other motivated adversaries.

Critical Fortinet FortiOS CVE-2024-21762 Exploited

On February 8, 2024 Fortinet disclosed multiple critical vulnerabilities affecting FortiOS, the operating system that runs on Fortigate SSL VPNs. The critical vulnerabilities include CVE-2024-21762, an out-of-bounds write vulnerability in SSLVPNd that could allow remote unauthenticated attackers to execute arbitrary code or commands on Fortinet SSL VPNs via specially crafted HTTP requests.


According to Fortinet’s advisory for CVE-2024-21762, the vulnerability is “potentially being exploited in the wild.” The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-21762 to their Known Exploited Vulnerabilities (KEV) list as of February 9, 2024, confirming that exploitation has occurred.


Zero-day vulnerabilities in Fortinet SSL VPNs have a history of being targeted by state-sponsored and other highly motivated threat actors. Other recent Fortinet SSL VPN vulnerabilities (e.g., CVE-2022-42475, CVE-2022-41328, and CVE-2023-27997) have been exploited by adversaries as both zero-day and as n-day following public disclosure.


Affected products


FortiOS versions vulnerable to CVE-2024-21762 include:




  • FortiOS 7.4.0 through 7.4.2




  • FortiOS 7.2.0 through 7.2.6




  • FortiOS 7.0.0 through 7.0.13




  • FortiOS 6.4.0 through 6.4.14




  • FortiOS 6.2.0 through 6.2.15




  • FortiOS 6.0 all versions




  • FortiProxy 7.4.0 through 7.4.2




  • FortiProxy 7.2.0 through 7.2.8




  • FortiProxy 7.0.0 through 7.0.14




  • FortiProxy 2.0.0 through 2.0.13




  • FortiProxy 1.2 all versions




  • FortiProxy 1.1 all versions




  • FortiProxy 1.0 all versions




Note: Fortinet’s advisory did not originally list FortiProxy as being vulnerable to this issue, but the bulletin was updated after publication to add affected FortiProxy versions.


Mitigation guidance


According to the Fortinet advisory, the following fixed versions remediate CVE-2024-21762:




  • FortiOS 7.4.3 or above




  • FortiOS 7.2.7 or above




  • FortiOS 7.0.14 or above




  • FortiOS 6.4.15 or above




  • FortiOS 6.2.16 or above




  • FortiOS 6.0 customers should migrate to a fixed release




  • FortiProxy 7.4.3 or above




  • FortiProxy 7.2.9 or above




  • FortiProxy 7.0.15 or above




  • FortiProxy 2.0.14 or above




  • FortiProxy 1.2, 1.1, and 1.0 customers should migrate to a fixed release




As a workaround, the advisory instructs customers to disable the SSL VPN with the added context that disabling the webmode is not a valid workaround. For more information and the latest updates, please refer to Fortinet’s advisory.


Rapid7 customers


InsightVM and Nexpose customers can assess their exposure to FortiOS CVE-2024-21762 with a vulnerability check available in the Friday, February 9 content release.




Source: Rapid7
Source Link: https://blog.rapid7.com/2024/02/12/etr-critical-fortinet-fortios-cve-2024-21762-exploited/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.