February 8, 2024 at 06:14PM
Fortinet warns of a critical remote code execution vulnerability (CVE-2024-21762/FG-IR-24-015) in FortiOS SSL VPN, with a 9.6 severity rating. Unpatched versions affected. Recommended upgrades provided. Those unable to patch can mitigate by disabling SSL VPN. Potential exploitation by threat actors. Urgent device updates advised due to high severity and possible exploitation.
Based on the meeting notes, here are the key takeaways:
– A critical remote code execution vulnerability (CVE-2024-21762 / FG-IR-24-015) in FortiOS SSL VPN has been identified by Fortinet. It has a severity rating of 9.6 and is potentially being exploited in attacks.
– To patch the vulnerability, Fortinet recommends upgrading to the latest versions of FortiOS based on the provided table.
– If unable to apply patches, it is recommended to mitigate the flaw by disabling SSL VPN on FortiOS devices.
– There are no specific details provided on how the vulnerability is being exploited or the discoverer of the vulnerability.
– Additionally, three other vulnerabilities (CVE-2024-23113, CVE-2023-44487, and CVE-2023-47537) were disclosed, but they are not marked as being exploited in the wild.
– It was mentioned that threat actors, including Chinese state-sponsored threat actors, target Fortinet flaws for ransomware attacks and cyber espionage.
– Furthermore, a custom remote access trojan (RAT) called COATHANGER was used in attacks on the Dutch Ministry of Defence.
Considering the high severity of CVE-2024-21762 and the potential exploitation in attacks, it is strongly advised to update devices as soon as possible.