March 8, 2024 at 03:42PM
Around 150,000 Fortinet FortiOS and FortiProxy systems worldwide are vulnerable to CVE-2024-21762, enabling code execution without authentication. The Cyber Defense Agency confirmed active exploitation of the flaw, with the majority of vulnerable devices in the United States. Fortunately, a simple Python script is available to check for vulnerability.
It looks like the meeting notes pertain to a critical security issue regarding the vulnerability of approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems to CVE-2024-21762. The flaw allows for the execution of code without authentication and is actively being exploited by attackers, as confirmed by America’s Cyber Defense Agency CISA. The vulnerable versions of these systems are located all over the world, with the majority of vulnerable devices being in the United States, followed by India, Brazil, and Canada.
In response to this issue, Fortinet provided a workaround for administrators unable to install updates immediately, allowing systems with the SSL VPN feature disabled to be included in the count of vulnerable devices. The severity score for the security flaw is 9.8 as per NIST. Although details about threat actors actively exploiting the vulnerability are currently limited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed active exploitation and added it to its Known Exploited Vulnerabilities (KEV) catalog.
To check if SSL VPN systems are vulnerable to this issue, companies can utilize a Python script developed by researchers at the offensive security company BishopFox. This security issue is critical as it affects the Fortinet operating system, which powers all Fortinet Security Fabric devices, and the FortiProxy secure web proxy solution. The operating system offers security features such as protection against denial-of-service (DoS) attacks, intrusion prevention (IPS), firewall, and VPN services, while the web proxy solution includes protection capabilities against web and DNS-based threats, data loss, and antivirus and intrusion prevention features.