February 9, 2024 at 04:09PM
Fortinet has released critical patches for a remote code execution vulnerability, tracked as CVE-2024-21762, in FortiOS impacting versions 6.0, 6.2, 6.4, 7.0, 7.2, and 7.4. FortiOS 7.6 is unaffected. Fortinet advises migrating from version 6.0. Disabling SSL VPN is a workaround, but does not fully mitigate the vulnerability. The Chinese threat group, Volt Typhoon, has targeted Fortinet devices. Additionally, a separate issue, CVE-2024-23113, has been patched.
Key points from the meeting notes:
– Fortinet has announced patches for a critical remote code execution vulnerability in FortiOS, tracked as CVE-2024-21762.
– The vulnerability impacts FortiOS versions 6.0, 6.2, 6.4, 7.0, 7.2, and 7.4, with patches released for most impacted versions except for 6.0. Users of version 6.0 are advised to migrate to a newer version, with FortiOS 7.6 confirmed to be unaffected.
– The workaround suggested by Fortinet is to disable the SSL VPN feature entirely; disabling only the SSL VPN web mode does not mitigate the vulnerability.
– CVE-2024-21762 is described as a zero-day vulnerability, potentially being exploited in the wild, and can be exploited by a remote unauthenticated attacker for arbitrary code execution using specially crafted HTTP requests.
– Fortinet’s advisory comes amid the revelation that some customers have not yet patched older vulnerabilities, CVE-2022-42475 and CVE-2023-27997, which have been exploited in attacks by APTs linked to China and other countries. The threat group Volt Typhoon is known to target Fortinet devices.
– Fortinet has also announced patches for CVE-2024-23113, an internally discovered issue that can be exploited for unauthenticated remote code execution.
Additionally, it’s worth noting that there are related articles warning customers of possible zero-day exploitation and patches for critical vulnerabilities in FortiSIEM, FortiOS, FortiProxy, and FortiWeb products.
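To turn the affected-version list and the SSL VPN workaround above into a repeatable fleet check, here is an added triage helper written for this page; it is not Fortinet's code and does not come from the advisory. It assumes version strings in the shape FortiOS prints in `get system status` (e.g. `v7.2.5,build1517,230707 (GA.F)`, a constructed sample), and it deliberately does not hard-code fixed build numbers, because the page gives only the affected branches: a device on an affected branch is flagged for comparison against the fixed build in the vendor advisory. The SSL VPN flag only changes priority, never clears a device, reflecting the page's point that disabling SSL VPN is a workaround rather than a complete mitigation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Branches the page lists as affected by CVE-2024-21762 (major.minor only).
AFFECTED_BRANCHES = {"6.0", "6.2", "6.4", "7.0", "7.2", "7.4"}
# Branch the page states is unaffected.
UNAFFECTED_BRANCHES = {"7.6"}
# Branch that gets no patch; the page says to migrate off it.
NO_PATCH_BRANCHES = {"6.0"}

# Tolerant match for the version field of "get system status" output
# (assumption: "vMAJOR.MINOR.PATCH,buildNNNN,..."); build is optional.
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:,build(\d+))?")


@dataclass(frozen=True)
class Triage:
    host: str
    branch: Optional[str]
    priority: str   # "none", "medium", "high" or "review"
    action: str


def parse_version(text: str) -> Optional[Tuple[int, int, int, Optional[int]]]:
    """Extract (major, minor, patch, build) from a FortiOS version string."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, build = m.groups()
    return int(major), int(minor), int(patch), (int(build) if build else None)


def triage_host(host: str, version_text: str, ssl_vpn_enabled: bool) -> Triage:
    """Classify one device using only what the page states about branches."""
    v = parse_version(version_text)
    if v is None:
        return Triage(host, None, "review", "unparseable version; inspect manually")
    branch = f"{v[0]}.{v[1]}"

    if branch in UNAFFECTED_BRANCHES:
        return Triage(host, branch, "none", "unaffected per advisory")

    # Exposed service raises urgency; the workaround alone does not close the ticket.
    priority = "high" if ssl_vpn_enabled else "medium"
    exposure = ("SSL VPN enabled" if ssl_vpn_enabled
                else "SSL VPN disabled (workaround only, still patch)")

    if branch in NO_PATCH_BRANCHES:
        return Triage(host, branch, priority,
                      f"no fix for this branch; migrate to a supported release ({exposure})")
    if branch in AFFECTED_BRANCHES:
        return Triage(host, branch, priority,
                      f"affected branch; compare build {v[3]} against the fixed build "
                      f"in the vendor advisory and patch ({exposure})")
    return Triage(host, branch, "review", "branch not listed on the page; check the vendor advisory")


def triage_inventory(inventory: List[Tuple[str, str, bool]]) -> List[Triage]:
    """Run triage over (host, version_text, ssl_vpn_enabled) tuples, worst first."""
    order = {"high": 0, "medium": 1, "review": 2, "none": 3}
    results = [triage_host(h, t, s) for h, t, s in inventory]
    return sorted(results, key=lambda r: order[r.priority])


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("edge-fw-1", "Version: FortiGate-60F v7.2.5,build1517,230707 (GA.F)", True),
    ("edge-fw-2", "Version: FortiGate-100F v7.4.1,build2463,230830 (GA.F)", False),
    ("legacy-fw", "Version: FortiGate-60E v6.0.15,build0395,220601 (GA)", True),
    ("lab-fw", "Version: FortiGate-VM64 v7.6.0,build3401,240206 (GA)", True),
    ("odd-fw", "Version: unknown", False),
]

if __name__ == "__main__":
    for r in triage_inventory(SAMPLE_INVENTORY):
        print(f"[{r.priority:6}] {r.host:10} {r.branch or '-':4} {r.action}")
```

The sort order puts devices with the vulnerable service exposed at the top of the worklist; a device on an affected branch with SSL VPN disabled still appears, because the page is explicit that the workaround does not fully mitigate the issue.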