A critical security flaw identified as CVE-2024-21762 has been discovered in Fortinet’s FortiOS and FortiProxy secure web gateway systems, potentially impacting around 150,000 devices worldwide.
The vulnerability allows for unauthenticated remote code execution (RCE) by sending specially crafted HTTP requests to the affected machines.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that attackers actively exploit the flaw, adding it to its Known Exploited Vulnerabilities (KEV) catalog.
Federal Civilian Executive Branch (FCEB) agencies must apply the fixes by February 16, 2024, to secure their networks against potential threats.
CVE-2024-21762 – Devices Affected
The vulnerability affects a wide range of Fortinet’s security appliances, including versions of FortiOS, FortiProxy, FortiSwitchManager, and FortiAnalyzer.
These devices are commonly used by organizations to manage network security, making the flaw particularly concerning because it could grant sensitive information access.
Malware analysis can be fast and simple. Just let us show you the way to:
- Interact with malware safely
- Set up virtual machine in Linux and all Windows OS versions
- Work in a team
- Get detailed reports with maximum data
If you want to test all these features now with completely free access to the sandbox:
According to the FortiGuard Labs’ security advisory, the vulnerability is the result of an improper limitation of a pathname to a restricted directory, which could be exploited by an unauthenticated attacker via the internet.
This could lead to arbitrary code execution on the underlying operating system of affected devices.
Exploitation of this vulnerability has been reported in the wild, with attackers actively seeking to compromise devices that have not yet been patched.
The flaw’s severity has been underscored by its high CVSS score, which reflects the ease of exploitation and the potential impact on affected systems.
As per the Shadowserver report, more than 150,000 devices have been identified as vulnerable.
Fortinet has released patches for the affected versions and is urging customers to update their devices immediately to mitigate the risk. The affected versions and the corresponding patches can be found on Fortinet’s official advisory page.
For users and administrators who are unsure if their devices are vulnerable, a check script has been made available on GitHub by BishopFox. The script, named CVE-2024-21762-check, can be used to determine if a Fortinet device is susceptible to the flaw, facilitating a more efficient response to the threat.
In the meantime, Fortinet has also provided a workaround for those unable to apply the patches immediately. The workaround involves disabling the HTTP/HTTPS administrative interface or limiting IP access to trusted hosts. However, this is only temporary, and users are strongly advised to apply the official patches as soon as possible.
With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.