Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks

March 11, 2024 at 10:03AM

Fortinet recently patched a critical vulnerability in FortiOS and warned that it is potentially being exploited. Tracked as CVE-2024-21762, the flaw is an out-of-bounds write issue that can allow remote attackers to execute arbitrary code. Although CISA added it to the Known Exploited Vulnerabilities Catalog, there are no reports of mass attacks or confirmed exploitation. Shadowserver has identified potentially impacted systems, primarily in the US and India.

Fortinet patched a critical vulnerability in FortiOS and FortiProxy tracked as CVE-2024-21762. The vulnerability can allow a remote, unauthenticated attacker to execute arbitrary code or commands through specially crafted HTTP requests. Fortinet and CISA have warned customers about its potential exploitation, but there are no signs of large-scale attacks at this time. Threat intelligence companies such as GreyNoise and Shadowserver have been tracking exploitation attempts but have not seen any attacks on their honeypots. Although there are nearly 150,000 potentially vulnerable systems, there is currently no evidence of widespread attacks. Despite the potential for highly targeted or mass exploitation, more than a month has passed since the initial disclosure, and there are still no reports of mass attacks. Ongoing monitoring and awareness of any developments related to this vulnerability will be critical.
