Fortinet has issued a warning about a critical vulnerability in the FortiOS SSL VPN component. The flaw, tracked as CVE-2024-21762 (Fortinet advisory FG-IR-24-015), allows remote code execution, and Fortinet states that it is potentially being exploited in the wild. It carries a CVSS score of 9.6 (critical).
Fortinet RCE Flaw: Out-of-Bounds Write Vulnerability in FortiOS
The flaw is an out-of-bounds write (CWE-787) in FortiOS that lets a remote, unauthenticated attacker execute arbitrary code or commands by sending specially crafted HTTP requests to the SSL VPN interface.
To patch the bug, Fortinet recommends upgrading to the fixed release for your branch:

| Version | Affected | Solution |
| --- | --- | --- |
| FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiOS 6.2 | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiOS 7.6 | Not affected | N/A |
Where patching is not immediately feasible, Fortinet's workaround is to disable SSL VPN on affected FortiOS devices entirely; the advisory notes that disabling web mode alone is not a valid workaround. The advisory does not give any details about how the vulnerability is being exploited or who discovered it.
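The advisory table above and the patch-or-disable decision that follows from it are easy to get wrong when checking a fleet by hand (for example, 7.2.10 sorts after 7.2.7 as a version but before it as a string). The script below is an added example, not Fortinet's tooling: it transcribes the affected ranges from the table, extracts the version from either a bare version string or the `Version:` line of FortiOS `get system status` output, and reports the required action per device. The hostnames, build numbers and dates in the sample inventory are constructed for the example.

```python
"""Assess FortiOS versions against the CVE-2024-21762 (FG-IR-24-015) table.

Added example, not Fortinet code. Affected ranges are transcribed from the
advisory table; sample inventory lines are constructed (build numbers and
dates are made up).
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

Version = Tuple[int, int, int]


class Branch(NamedTuple):
    first_affected: Optional[Version]  # None -> whole branch affected
    last_affected: Optional[Version]
    fixed: Optional[str]               # None -> no fixed build, migrate


# Inclusive affected ranges per advisory, keyed by (major, minor) branch.
# A value of None means the branch is listed as not affected.
AFFECTED: Dict[Tuple[int, int], Optional[Branch]] = {
    (6, 0): Branch(None, None, None),                 # all 6.0: migrate
    (6, 2): Branch((6, 2, 0), (6, 2, 15), "6.2.16"),
    (6, 4): Branch((6, 4, 0), (6, 4, 14), "6.4.15"),
    (7, 0): Branch((7, 0, 0), (7, 0, 13), "7.0.14"),
    (7, 2): Branch((7, 2, 0), (7, 2, 6), "7.2.7"),
    (7, 4): Branch((7, 4, 0), (7, 4, 2), "7.4.3"),
    (7, 6): None,                                     # not affected
}

WORKAROUND = ("if upgrade is not possible, disable SSL VPN entirely "
              "(disabling web mode alone is not a valid workaround)")

# Matches '7.2.6' or 'v7.2.6' inside a longer 'get system status' line.
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> Version:
    """Return (major, minor, patch) from a version string or a status line
    such as 'Version: FortiGate-100F v7.2.6,build1575,231205 (GA.M)'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no FortiOS version found in: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(text: str) -> dict:
    """Classify one device as affected / fixed / not affected / unknown."""
    ver = parse_version(text)
    label = ".".join(str(x) for x in ver)
    branch = ver[:2]
    if branch not in AFFECTED:
        return {"version": label, "status": "unknown",
                "action": "branch not in advisory table; check FG-IR-24-015"}
    b = AFFECTED[branch]
    if b is None:
        return {"version": label, "status": "not affected", "action": None}
    if b.fixed is None:
        # Whole branch affected and no fixed build published for it.
        return {"version": label, "status": "affected",
                "action": f"migrate to a fixed release; {WORKAROUND}"}
    if b.first_affected <= ver <= b.last_affected:
        return {"version": label, "status": "affected",
                "action": f"upgrade to {b.fixed} or above; {WORKAROUND}"}
    return {"version": label, "status": "fixed", "action": None}


def audit(lines: List[str]) -> Dict[str, dict]:
    """Inventory lines look like '<host>: Version: ...'; returns host -> result."""
    results = {}
    for line in lines:
        host, _, rest = line.partition(":")
        results[host.strip()] = assess(rest)
    return results


# Constructed sample inventory (hostnames, builds and dates are not real).
SAMPLE_INVENTORY = [
    "fw-edge-01: Version: FortiGate-100F v7.2.6,build0000,240101 (GA.M)",
    "fw-edge-02: Version: FortiGate-60F v7.0.14,build0000,240101 (GA.M)",
    "fw-lab-01: Version: FortiGate-VM64 v6.0.17,build0000,240101 (GA)",
    "fw-dc-01: Version: FortiGate-600E v7.4.2,build0000,240101 (GA.M)",
    "fw-dc-02: Version: FortiGate-600E v7.2.10,build0000,240101 (GA.M)",
]

if __name__ == "__main__":
    for host, r in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {r['version']:8} {r['status']:13} {r['action'] or ''}")
```

Run it against real `get system status` output by replacing `SAMPLE_INVENTORY` with your own `host: Version: ...` lines. The comparison is done on integer tuples, so 7.2.10 is correctly reported as fixed rather than being mis-sorted below 7.2.7. The table is the February 2024 advisory as reproduced on this page; re-check FG-IR-24-015 before relying on it, since Fortinet revises affected ranges.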
The same disclosure round also covers CVE-2024-23113 (critical, CVSS 9.8), CVE-2023-44487 (medium), and CVE-2023-47537 (medium). At the time of publication there was no indication that any of these three was being exploited in the wild.
Fortinet vulnerabilities are frequently exploited by threat actors to gain a foothold in corporate networks for ransomware and cyber-espionage operations. Fortinet recently reported that the Chinese state-sponsored group known as Volt Typhoon had targeted FortiOS vulnerabilities.
Separately, the Dutch Ministry of Defence disclosed that a Chinese state-sponsored actor had deployed a custom remote access trojan (RAT) called COATHANGER on FortiGate network security appliances in an intrusion against the ministry. Given the severity of CVE-2024-21762 and the likelihood of exploitation, administrators should update affected devices promptly, and disable SSL VPN in the meantime where an upgrade is not yet possible.