March 18, 2024 at 03:08PM
Despite a slight increase in patching, over 133,000 Fortinet appliances remain vulnerable to the critical security flaw CVE-2024-21762. The vulnerability allows remote code execution and is actively exploited. Another critical flaw, CVE-2023-48788, has been disclosed, adding to the patching workload. The widespread attacks make swift patching crucial.
Key takeaways from the meeting notes:
– The number of Fortinet appliances vulnerable to CVE-2024-21762 is still extremely high, with more than 133,000 devices exposed to the critical security flaw.
– The vulnerability, which allows for remote code execution (RCE), has been actively exploited, and proof of concepts are widely available online.
– Despite Fortinet’s efforts to patch CVE-2024-21762 in early February, the exposures are most prevalent in Asia, followed by North America and Europe.
– Additionally, a new critical-severity bug, CVE-2023-48788, an SQL Injection flaw in FortiClient EMS, has been disclosed, further adding to the patching workload.
– Experts predict that active exploitation of CVE-2023-48788 is likely to occur soon, and several other Fortinet vulnerabilities have been targeted by nation-state threat actors and ransomware groups.
Overall, it’s evident from the meeting notes that the vulnerabilities in Fortinet devices pose a significant risk, as they are actively exploited and targeted by threat actors, including state-sponsored offensive cyber groups.