FortiOS or FortiOhNo


Following a trend we have been seeing, attackers are targeting VPN vulnerabilities to get into corporate networks. This time it is Fortinet's FortiOS that is being actively exploited. CVE-2024-21762 (CVSS 9.6) is an out-of-bounds write in the SSL VPN component that a remote, unauthenticated attacker can use to execute arbitrary code on the device.

A patch is available, so apply it as quickly as possible. Fortinet's recommended workaround until you can patch is to disable SSL VPN entirely, which kind of defeats the purpose of having a VPN, but it is the only stated way to prevent exploitation on an unpatched device. Not a fun position to be in for companies relying on it. Unfortunately there isn't much more public detail on this one yet.

This comes on the heels of a very confusing period for Fortinet, in which they announced two, YES TWO!, critical vulnerabilities in the FortiSIEM product on the same day. CVE-2024-23108 and CVE-2024-23109 were both rated 10.0 by Fortinet but "only" 9.8 by the NVD. Fortinet then stated that they were not new and were duplicates of a critical vulnerability from October 2023, only to backtrack a few hours later and confirm that they were new vulnerabilities after all. Clear as mud, just what users like. As with the FortiOS vulnerability, these are exploitable by a remote, unauthenticated attacker, in this case to execute unauthorized commands via crafted API requests.

And if that wasn't enough, it was reported last week that Chinese state-backed attackers had exploited an older FortiOS SSL-VPN vulnerability, CVE-2022-42475 (CVSS 9.3), against a device used by the Dutch Ministry of Defence last year and successfully deployed a backdoor into the network.

The best advice, as always: if you have a device affected by any of the vulnerabilities in this article, threat hunt for unusual files and activity on it. Because these are unauthenticated remote code execution bugs, a device that was exposed while unpatched should be treated as potentially compromised; applying the patch closes the hole but does not undo anything an attacker did before it was applied.
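One concrete hunt to start with, as an added example that is not from the original post or from Fortinet: failed or unstable exploitation of a memory-corruption bug in a daemon tends to leave crash records, so a burst of SSL VPN daemon crashes in the event log is worth pulling the device for a closer look. The script below parses FortiOS-style key="value" event log lines and flags windows with repeated crashes of a named process. The sample lines, the field names and the "Application crashed" wording are constructed for this example and are not a published Fortinet indicator; adjust the matching to your own export.

```python
"""Hunt for bursts of daemon crashes in a FortiOS-style event log export.

Added example (not code from the original post or from Fortinet). The log
format below is a constructed approximation of key="value" event logs;
the field names and message text are assumptions, not documented IoCs.
"""
import re
from datetime import datetime, timedelta

# Constructed sample lines for the example; not real device output.
SAMPLE_LOGS = """\
date=2024-02-09 time=11:02:17 type="event" subtype="system" level="notice" logdesc="Application crashed" msg="sslvpnd crashed, pid 1213"
date=2024-02-10 time=03:14:01 type="event" subtype="vpn" level="information" logdesc="SSL VPN login ok" msg="SSL tunnel established" user="jdoe" remip=203.0.113.8
date=2024-02-10 time=03:14:05 type="event" subtype="system" level="notice" logdesc="Application crashed" msg="sslvpnd crashed, pid 1240"
date=2024-02-10 time=03:15:12 type="event" subtype="system" level="notice" logdesc="Application crashed" msg="sslvpnd crashed, pid 1244"
date=2024-02-10 time=03:16:30 type="event" subtype="system" level="notice" logdesc="Application crashed" msg="httpsd crashed, pid 1250"
date=2024-02-10 time=03:17:48 type="event" subtype="system" level="notice" logdesc="Application crashed" msg="sslvpnd crashed, pid 1251"
date=2024-02-10 time=03:19:02 type="event" subtype="system" level="notice" logdesc="Application crashed" msg="sslvpnd crashed, pid 1257"
"""

# key=value pairs; the value is either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key="value" log line into a dict of string fields."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def event_time(fields):
    """Combine the date and time fields into a datetime."""
    return datetime.strptime(fields["date"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S")


def crash_events(lines, process="sslvpnd"):
    """Return sorted timestamps of crash records naming the given process."""
    times = []
    for line in lines:
        if not line.strip():
            continue
        f = parse_line(line)
        if f.get("logdesc") == "Application crashed" and process in f.get("msg", ""):
            times.append(event_time(f))
    return sorted(times)


def crash_bursts(times, window=timedelta(minutes=10), threshold=3):
    """Sliding-window check: return (first, last, count) for each run of
    crashes where at least `threshold` fall inside any `window`-long span.
    Overlapping qualifying windows are merged into a single burst."""
    flagged = set()
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            flagged.update(range(start, end + 1))
    runs = []
    for idx in sorted(flagged):
        if runs and idx == runs[-1][-1] + 1:
            runs[-1].append(idx)
        else:
            runs.append([idx])
    return [(times[r[0]], times[r[-1]], len(r)) for r in runs]


def hunt(log_text, process="sslvpnd"):
    """Run the whole hunt over a log export and return the flagged bursts."""
    return crash_bursts(crash_events(log_text.splitlines(), process))


if __name__ == "__main__":
    for first, last, count in hunt(SAMPLE_LOGS):
        print(f"{count} sslvpnd crashes between {first} and {last}: investigate this device")
```

Run it against a real export by replacing SAMPLE_LOGS with the file contents; a single isolated crash (the 2024-02-09 line above) is filtered out by the window logic, while the four crashes inside six minutes on 2024-02-10 are reported as one burst. Crash bursts are a prompt to investigate, not proof of compromise, so pair this with a review of files and processes on the device itself.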

If you think you may be affected and would like help investigating the issue, please reach out to csirt@frsecure.com

Links
https://www.cisa.gov/news-events/alerts/2024/02/09/fortinet-releases-security-advisories-fortios

https://fortiguard.fortinet.com/psirt/FG-IR-24-015

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-fortisiem-rce-bugs-in-confusing-disclosure/

https://www.reuters.com/technology/cybersecurity/china-cyber-spies-hacked-computers-dutch-defence-ministry-report-2024-02-06/
