FortiOS or FortiOhNo

Following a trend we have been seeing, attackers are targeting VPN vulnerabilities to access corporate networks. This time it’s Fortinet’s FortiOS that is being actively exploited. CVE-2024-21762 (CVSS 9.6) is an out-of-bounds write vulnerability that an unauthenticated attacker could use to execute malicious code.

There is a patch available, so you should apply it as quickly as possible. It is also recommended to disable SSL VPN to prevent exploitation, which kind of defeats the purpose of having a VPN. Not a fun position to be in for companies using this. Unfortunately, there isn’t a lot more information out about this one yet.

This comes on the heels of a very confusing period for Fortinet, where they announced two, YES TWO!, critical vulnerabilities in the FortiSIEM solution in one day. CVE-2024-23108 and CVE-2024-23109 were both rated 10 by Fortinet but “only” a 9.8 by the NVD. Fortinet then announced that they weren’t new and were duplicates of a critical vulnerability from October 2023, only to backtrack a few hours later and say they were new vulnerabilities after all. Clear as mud, just what users like. Like the FortiOS vulnerability, these allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.

And if that wasn’t enough, it was announced last week that Chinese attackers had exploited CVE-2022-42475 (CVSS 9.3), a vulnerability in the FortiOS SSL-VPN used by the Dutch military, last year and were able to successfully deploy a backdoor into the network.

The best advice, as always, is to threat hunt looking for unusual files and/or activity if you have a device impacted by any of the vulnerabilities in this article.

If you think you may be affected and would like help investigating the issue, please reach out to csirt@frsecure.com

Links
https://www.cisa.gov/news-events/alerts/2024/02/09/fortinet-releases-security-advisories-fortios

https://fortiguard.fortinet.com/psirt/FG-IR-24-015

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-fortisiem-rce-bugs-in-confusing-disclosure/

https://www.reuters.com/technology/cybersecurity/china-cyber-spies-hacked-computers-dutch-defence-ministry-report-2024-02-06/


