Flash Alert - Significant vulnerability in FortiOS

Hello there,

CVE-2024-21762 CVSS: 9.8 CRITICAL

Fortinet has disclosed a significant vulnerability in FortiOS, their network operating system.

An out-of-bounds write issue is present in multiple versions of the product, potentially allowing any threat actor to remotely execute code and commands without authorisation by using specially crafted HTTP requests.

The vulnerability impacts the following:

Fortinet FortiOS versions:
- 7.4.0 through 7.4.2
- 7.2.0 through 7.2.6
- 7.0.0 through 7.0.13
- 6.4.0 through 6.4.14
- 6.2.0 through 6.2.15
- 6.0.0 through 6.0.17

FortiProxy versions:
- 7.4.0 through 7.4.2
- 7.2.0 through 7.2.8
- 7.0.0 through 7.0.14
- 2.0.0 through 2.0.13
- 1.2.0 through 1.2.13
- 1.1.0 through 1.1.6
- 1.0.0 through 1.0.7
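An added example, not part of the original alert and not Fortinet tooling: a triage check that flags inventory entries whose version falls inside the ranges listed above. The "host,product,version" inventory format, the hostnames and the function names are assumptions constructed for illustration.

```python
import re

# Affected ranges exactly as listed in this alert: product -> [(first, last)].
AFFECTED = {
    "FortiOS": [("7.4.0", "7.4.2"), ("7.2.0", "7.2.6"), ("7.0.0", "7.0.13"),
                ("6.4.0", "6.4.14"), ("6.2.0", "6.2.15"), ("6.0.0", "6.0.17")],
    "FortiProxy": [("7.4.0", "7.4.2"), ("7.2.0", "7.2.8"), ("7.0.0", "7.0.14"),
                   ("2.0.0", "2.0.13"), ("1.2.0", "1.2.13"), ("1.1.0", "1.1.6"),
                   ("1.0.0", "1.0.7")],
}
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if no x.y.z is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(product, version_text):
    """True/False for a judged version, None when the input cannot be judged."""
    canonical = {p.lower(): p for p in AFFECTED}.get(product.strip().lower())
    version = parse_version(version_text)
    if canonical is None or version is None:
        return None  # product not in this alert or unparseable version
    # Integer tuples, not strings: as text "7.0.9" would sort after "7.0.13".
    return any(parse_version(lo) <= version <= parse_version(hi)
               for lo, hi in AFFECTED[canonical])

def triage(inventory_lines):
    """Sort 'host,product,version' lines into affected / not_listed / unknown."""
    result = {"affected": [], "not_listed": [], "unknown": []}
    for line in inventory_lines:
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            result["unknown"].append(line.strip())
            continue
        host, product, version = fields
        verdict = is_affected(product, version)
        key = "unknown" if verdict is None else ("affected" if verdict else "not_listed")
        result[key].append(host)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    "fw-edge-01,FortiOS,v7.2.6", "fw-edge-02,FortiOS,7.2.7",
    "fw-dc-03,FortiOS,7.0.9", "proxy-01,fortiproxy,2.0.13",
    "proxy-02,FortiProxy,2.0.14", "fw-lab-04,FortiOS,unknown",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts that land in "unknown" need a manual version check; "not_listed" only means the version is outside the ranges this alert names.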

Fortinet has detailed a workaround, disabling SSL VPN, and has provided guidance on ensuring that any affected products are updated. They have further disclosed their belief that this vulnerability is being exploited in the wild.

This comes soon after the discovery of Chinese APT VOLT TYPHOON actively targeting FortiOS to deploy their custom malware COATHANGER, including against the Dutch Ministry of Defence.

Stay safe,

Daniel Collyer

Threat Intelligence Analyst

SOS Intelligence
