133,000+ Vulnerable FortiOS/FortiProxy Instances: Exploitation Started

A critical security vulnerability has been identified in Fortinet’s FortiOS and FortiProxy, potentially affecting over 133,000 devices worldwide.

The flaw, tracked as CVE-2024-21762, is an out-of-bounds write vulnerability that could allow a remote, unauthenticated attacker to execute arbitrary code or commands through specially crafted HTTP requests.

CVE-2024-21762: A Critical Out-of-Bounds Write Vulnerability

The vulnerability has been assigned a Common Vulnerability Scoring System (CVSS) score of 9.6, indicating its critical severity.

Fortinet has acknowledged that CVE-2024-21762 is “potentially being exploited in the wild,” urging users to apply the necessary updates to mitigate the risk.

FortiGuard has identified an out-of-bounds write vulnerability [CWE-787] in FortiOS and FortiProxy.

A remote attacker can exploit this vulnerability without authentication, using specially crafted HTTP requests.

As a result, the attacker can execute arbitrary code or commands on the vulnerable device.

According to a recent tweet from Shadowserver, over 133,000 Fortinet instances are still vulnerable to attack.

This means that bad actors could exploit a potentially large attack surface.

Affected Versions and Solutions

The affected versions of FortiOS and FortiProxy, along with the recommended solutions, are as follows:

  • FortiOS 7.4: Versions 7.4.0 through 7.4.2 should be upgraded to 7.4.3 or above.
  • FortiOS 7.2: Versions 7.2.0 through 7.2.6 should be upgraded to 7.2.7 or above.
  • FortiOS 7.0: Versions 7.0.0 through 7.0.13 should be upgraded to 7.0.14 or above.
  • FortiOS 6.4: Versions 6.4.0 through 6.4.14 should be upgraded to 6.4.15 or above.
  • FortiOS 6.2: Versions 6.2.0 through 6.2.15 should be upgraded to 6.2.16 or above.
  • FortiOS 6.0: Versions 6.0.0 through 6.0.17 should be upgraded to 6.0.18 or above.
  • FortiProxy 7.4: Versions 7.4.0 through 7.4.2 should be upgraded to 7.4.3 or above.
  • FortiProxy 7.2: Versions 7.2.0 through 7.2.8 should be upgraded to 7.2.9 or above.
  • FortiProxy 7.0: Versions 7.0.0 through 7.0.14 should be upgraded to 7.0.15 or above.
  • FortiProxy 2.0: Versions 2.0.0 through 2.0.13 should be upgraded to 2.0.14 or above.
  • FortiProxy 1.2, 1.1, and 1.0: All versions should migrate to a fixed release.
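
The version ranges above can be turned into an inventory triage check. This is an added example, not code from Fortinet or from the original article; the hostnames and inventory entries are constructed, and the input format (exact product name plus a string containing an x.y.z version) is an assumption.

```python
import re

# (product, branch) -> first fixed release on that branch, from the list above.
FIXED = {
    ("FortiOS", (7, 4)): (7, 4, 3),
    ("FortiOS", (7, 2)): (7, 2, 7),
    ("FortiOS", (7, 0)): (7, 0, 14),
    ("FortiOS", (6, 4)): (6, 4, 15),
    ("FortiOS", (6, 2)): (6, 2, 16),
    ("FortiOS", (6, 0)): (6, 0, 18),
    ("FortiProxy", (7, 4)): (7, 4, 3),
    ("FortiProxy", (7, 2)): (7, 2, 9),
    ("FortiProxy", (7, 0)): (7, 0, 15),
    ("FortiProxy", (2, 0)): (2, 0, 14),
}
# Branches with no fix on the branch itself: every version must migrate.
MIGRATE = {("FortiProxy", (1, 2)), ("FortiProxy", (1, 1)), ("FortiProxy", (1, 0))}

def parse_version(text):
    """Extract (major, minor, patch) from strings such as '7.2.6' or 'v7.2.6-build1234'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(g) for g in m.groups())

def assess(product, version_text):
    """Return (status, advice); status is 'vulnerable', 'fixed' or 'unlisted'."""
    ver = parse_version(version_text)
    key = (product, ver[:2])
    if key in MIGRATE:
        return "vulnerable", "migrate to a fixed release"
    fixed = FIXED.get(key)
    if fixed is None:
        return "unlisted", "branch not in the list above; check the vendor advisory"
    if ver < fixed:  # tuple comparison, so 7.0.9 < 7.0.14 is handled correctly
        return "vulnerable", "upgrade to %d.%d.%d or above" % fixed
    return "fixed", "at or above %d.%d.%d" % fixed

# Constructed inventory (hostnames and versions are made up for the example).
INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.2.6"),
    ("fw-edge-02", "FortiOS", "7.0.14"),
    ("proxy-01", "FortiProxy", "1.2.13"),
    ("fw-lab-01", "FortiOS", "7.6.0"),
]

if __name__ == "__main__":
    for host, product, version in INVENTORY:
        print(host, product, version, *assess(product, version), sep="\t")
```

A result of `unlisted` means the branch is not covered by the list above, not that the device is safe.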

Users can follow the recommended upgrade path using Fortinet’s upgrade tool.

As a temporary measure, Fortinet advises disabling the SSL VPN feature, noting that simply disabling web mode is not a valid workaround.

Exploitation and Impact

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-21762 to its Known Exploited Vulnerabilities Catalog, confirming that it has been exploited.

The vulnerability has been exploited by attackers actively seeking to compromise devices that have not yet been patched.

Most potential targets are in the United States, India, Brazil, and Canada.

The urgency to patch the vulnerability is underscored by the high CVSS score and the ease of exploitation, which could grant attackers access to sensitive information.

Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.