February 9, 2024 at 04:03PM
CISA confirmed active exploitation of a critical RCE bug in Fortinet’s FortiOS. Administrators of vulnerable appliances can disable SSL VPN to mitigate the risk until they can patch. CISA added CVE-2022-48618 to its Known Exploited Vulnerabilities Catalog, mandating that federal agencies secure FortiOS devices. Fortinet confusingly denied, then admitted, two further RCE vulnerabilities, making prompt device hardening urgent given the potential for exploitation.
Key takeaways from the meeting notes include:
– CISA has confirmed active exploitation of a critical remote code execution (RCE) bug in Fortinet’s FortiOS operating system, which can be mitigated by disabling SSL VPN on vulnerable appliances if immediate security updates cannot be deployed.
– CISA has added the vulnerability (CVE-2022-48618) to its Known Exploited Vulnerabilities Catalog, emphasizing the risk it poses to federal enterprises and ordering U.S. federal agencies to secure FortiOS devices within seven days.
– Fortinet initially dismissed two other critical RCE vulnerabilities (CVE-2024-23108 and CVE-2024-23109) as duplicates of a similar flaw, but later admitted they were variants of the original bug.
It is strongly advised to secure all Fortinet devices as soon as possible, since remote unauthenticated attackers can exploit these vulnerabilities and Fortinet devices are commonly targeted in cyber espionage campaigns and ransomware attacks. Additionally, the Chinese state-backed Volt Typhoon threat group has targeted FortiOS SSL VPN flaws to deploy custom malware.