New Fortinet RCE flaw in SSL VPN Exploited in the Wild

Written by Mitchell Langley

February 12, 2024


Fortinet has issued a warning regarding a serious vulnerability in FortiOS SSL VPN. This Fortinet RCE flaw, identified as CVE-2024-21762 / FG-IR-24-015, poses a significant risk as it can potentially be exploited in attacks. It has been assigned a severity rating of 9.6.


Fortinet RCE Flaw: Out-of-Bounds Write Vulnerability Within FortiOS

The flaw is an out-of-bounds write vulnerability within FortiOS that enables unauthenticated attackers to gain remote code execution (RCE) using specially crafted requests.

To patch the bug, Fortinet recommends upgrading to one of the following fixed versions:

| Version | Affected | Solution |
|---|---|---|
| FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiOS 6.2 | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiOS 7.6 | Not affected | |

In cases where applying patches is not feasible, it is recommended to mitigate the vulnerability by disabling SSL VPN on your FortiOS devices. Unfortunately, Fortinet’s advisory does not include specific information about the exploitation of this vulnerability or its discoverer.
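The version table and the disable-SSL-VPN workaround above translate directly into a fleet triage check. The following script is an added example written for this article, not code from Fortinet or the advisory: it encodes the FG-IR-24-015 affected ranges and fixed releases, classifies each device by its FortiOS version, and notes whether the interim mitigation (SSL VPN disabled) is already in place. The inventory format (`hostname,version,sslvpn`), the hostnames and the version numbers in the sample are constructed for the example.

```python
import re

# Affected ranges and fixed releases from Fortinet advisory FG-IR-24-015
# (the table above): branch -> (first affected, last affected, first fixed).
ADVISORY = {
    (6, 2): ((6, 2, 0), (6, 2, 15), (6, 2, 16)),
    (6, 4): ((6, 4, 0), (6, 4, 14), (6, 4, 15)),
    (7, 0): ((7, 0, 0), (7, 0, 13), (7, 0, 14)),
    (7, 2): ((7, 2, 0), (7, 2, 6), (7, 2, 7)),
    (7, 4): ((7, 4, 0), (7, 4, 2), (7, 4, 3)),
}
MIGRATE_BRANCHES = {(6, 0)}      # "6.0 all versions: migrate to a fixed release"
UNAFFECTED_BRANCHES = {(7, 6)}   # "7.6: not affected"

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Parse 'v7.0.12' or '7.0.12' into a comparable (major, minor, patch) tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(version_text, ssl_vpn_enabled=True):
    """Return (status, action) for one device, following the advisory table.

    status is one of: affected, fixed, not_affected, unknown.
    """
    version = parse_version(version_text)
    branch = version[:2]
    if branch in UNAFFECTED_BRANCHES:
        return "not_affected", "no action required"
    if branch in MIGRATE_BRANCHES:
        return "affected", "migrate to a fixed release (no patch for this branch)"
    if branch not in ADVISORY:
        return "unknown", "branch not listed in FG-IR-24-015; check the vendor advisory"
    first, last, fixed = ADVISORY[branch]
    if version >= fixed:
        return "fixed", "no action required"
    if not (first <= version <= last):
        return "unknown", "version outside the listed range; check the vendor advisory"
    fixed_text = ".".join(str(p) for p in fixed)
    if ssl_vpn_enabled:
        return "affected", f"upgrade to {fixed_text} or above, or disable SSL VPN until patched"
    return "affected", f"upgrade to {fixed_text} or above (SSL VPN already disabled: interim mitigation in place)"


def triage(inventory_csv):
    """Run classify() over 'hostname,version,sslvpn' lines; returns one dict per device."""
    results = []
    for line in inventory_csv.strip().splitlines():
        host, version, sslvpn = (field.strip() for field in line.split(","))
        status, action = classify(version, ssl_vpn_enabled=(sslvpn.lower() == "enabled"))
        results.append({"host": host, "version": version, "status": status, "action": action})
    return results


# Constructed sample inventory (hostnames and versions invented for this example).
SAMPLE_INVENTORY = """
fw-edge-01,7.0.12,enabled
fw-edge-02,7.2.7,enabled
fw-branch-03,6.4.14,disabled
fw-lab-04,7.6.0,enabled
fw-legacy-05,6.0.17,enabled
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"{row['host']:<14} {row['version']:<8} {row['status']:<13} {row['action']}")
```

Versions that fall outside the published ranges are reported as `unknown` rather than silently treated as safe; the advisory, not the script, is the authority for those. A device on a fixed release still gets listed, so the output doubles as evidence that the patch campaign is complete.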

Today's disclosure also covers other vulnerabilities, namely CVE-2024-23113 (Critical, rated 9.8), CVE-2023-44487 (Medium), and CVE-2023-47537 (Medium). However, there is no indication that these vulnerabilities are currently being exploited in real-world scenarios.

Fortinet vulnerabilities are frequently exploited by threat actors to compromise corporate networks for ransomware attacks and cyber espionage purposes. Recently, Fortinet disclosed that Chinese state-sponsored threat actors, known as Volt Typhoon, specifically targeted FortiOS vulnerabilities.

They utilized a custom malware called COATHANGER, a remote access trojan (RAT) designed to infect FortiGate network security appliances. This malware has been detected in attacks against the Dutch Ministry of Defence. Considering the severity of the newly disclosed CVE-2024-21762 flaw and the potential for exploitation, it is strongly recommended that you promptly update your devices to mitigate the risk.
