On Thursday, February 8th, the Fortinet Product Security Incident Response Team released an advisory (FG-IR-24-015) disclosing an out-of-bounds write vulnerability in their SSL VPN, tracked as CVE-2024-21762. The vulnerability “may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests”. This is concerning, as there are estimates of over 490,000 Fortinet SSL VPN appliances on the internet which, by design, sit on the edge of customer networks.
Fortinet has advised that the vulnerability is “potentially exploited in the wild” but, at this time, has not provided any further information. This comes only a day after a Fortinet blog entry deep-diving into the exploitation of previously disclosed Fortinet vulnerabilities using techniques indicative of nation-state actors.
Vulnerability Workaround: Disable SSL VPN (Note: disable webmode is NOT a valid workaround)
Vulnerability Remediation:

| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.6 | Not affected | Not Applicable |
| FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiOS 6.2 | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above |
| FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |
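As an added example (not Fortinet's or Centripetal's code), the following Python helper classifies a FortiOS version string against the remediation table above. It compares versions numerically so that a build such as 7.0.9 is not mistaken for one newer than 7.0.14, which is what a naive string comparison would do; the function names and the "unknown" handling for branches the table does not list are assumptions of this example.

```python
"""Classify a FortiOS version against the FG-IR-24-015 (CVE-2024-21762) table.

Added example, not vendor code. The version ranges below are copied from the
advisory table on this page; the classification logic is an assumption.
"""
from __future__ import annotations

# branch -> (first affected build, last affected build, fixed release)
AFFECTED = {
    (7, 4): ((7, 4, 0), (7, 4, 2), "7.4.3"),
    (7, 2): ((7, 2, 0), (7, 2, 6), "7.2.7"),
    (7, 0): ((7, 0, 0), (7, 0, 13), "7.0.14"),
    (6, 4): ((6, 4, 0), (6, 4, 14), "6.4.15"),
    (6, 2): ((6, 2, 0), (6, 2, 15), "6.2.16"),
}
NOT_AFFECTED_BRANCHES = {(7, 6)}
MIGRATE_BRANCHES = {(6, 0)}  # every 6.0 build is affected and has no fixed build


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn 'v7.0.12' or '7.0.12' into (7, 0, 12) for numeric comparison."""
    parts = text.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def assess(text: str) -> tuple[str, str]:
    """Return (status, action); status is affected, fixed, not_affected or unknown."""
    ver = parse_version(text)
    branch = ver[:2]
    if branch in NOT_AFFECTED_BRANCHES:
        return "not_affected", "No action required"
    if branch in MIGRATE_BRANCHES:
        return "affected", "Migrate to a fixed release"
    if branch not in AFFECTED:
        # Branch not listed in the advisory (e.g. 5.x): do not assume safe.
        return "unknown", "Branch not covered by the advisory; verify with vendor"
    low, high, fix = AFFECTED[branch]
    if low <= ver <= high:
        return "affected", f"Upgrade to {fix} or above"
    return "fixed", "Running a fixed build; no action required"


if __name__ == "__main__":
    # Constructed sample inventory; version strings are illustrative only.
    for v in ("7.0.9", "7.0.14", "v7.2.7", "6.0.17", "7.6.0", "5.6.10"):
        print(v, *assess(v))
```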
If you are a current Fortinet customer, CleanINTERNET® will continue to provide dynamic, threat-intelligence-based protection against known indicators of compromise, limiting threat actors' ability to attack. Additional shielding opportunities may become available depending on observed network traffic.
If you are a current client of Fortinet, please contact support@centripetal.ai.
Centripetal is pleased to offer Penetration Testing and Vulnerability Assessment services to help organizations identify vulnerabilities and reduce risk. If interested, please contact our Professional Services team at profservs@centripetal.ai or reach out to your Centripetal Account Representative.