New Fortinet RCE bug has been actively exploited, CISA confirms

CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday.

The flaw (CVE-2024-21762) is caused by an out-of-bounds write weakness in the FortiOS operating system that could let unauthenticated attackers remotely execute arbitrary code using maliciously crafted HTTP requests.

Administrators who cannot immediately deploy security updates to fix vulnerable devices can remove the attack vector by disabling SSL VPN on the device.

CISA's announcement comes a day after Fortinet published a security advisory saying the flaw was “potentially being exploited on a large scale.”

While the company has not yet shared more details about potential CVE-2022-48618, CISA has added the vulnerability to its known exploited vulnerabilities catalog, warning that such bugs are “persistent attack vectors for malicious cyber actors.” ” that pose a “significant risk to the federal government.” Enterprise.”

The cybersecurity agency ordered US federal agencies to secure FortiOS devices against this security bug within seven days, by February 16, in accordance with the Binding Operating Instruction (BOD 22-01) issued in November 2021.

confusing revelations

Fortinet this week fixed two other critical RCE vulnerabilities (CVE-2024-23108 and CVE-2024-23109) in its FortiSIEM solution.

Initially, the company denied that the CVEs were real and claimed that they were duplicates of a similar flaw (CVE-2023-34992) that was fixed in October.

However, Fortinet's disclosure process was very confusing, with the company first denying the CVE was genuine and claiming that they were accidentally releasing a duplicate of a similar flaw (CVE-2023-34992) that was fixed in October due to an API issue. Were born in the form.

As it turned out, the bug was discovered and reported Horizon3 Vulnerability Expert Zach HanleyThe company eventually acknowledged that both CVEs were variants of the original CVE-2023-34992 bug.

Because remote unauthenticated attackers could use these vulnerabilities to execute arbitrary code on vulnerable devices, it is strongly recommended to immediately secure all Fortinet devices as soon as possible.

Fortinet vulnerabilities (sometimes referred to as zero-days) are commonly targeted in cyber espionage campaigns and ransomware attacks to break into corporate networks.

For example, Fortinet said Wednesday that the Chinese Volt Typhoon hacking group exploited two FortiOS SSL VPN flaws (CVE-2022-42475 and CVE-2023-27997) in attacks where they deployed Coathanger custom malware.

Coathanger is a remote access trojan (RAT) that targets FortiGate network security appliances and was recently used to backdoor a military network of the Dutch Ministry of Defence.

Leave a Comment

“The Untold Story: Yung Miami’s Response to Jimmy Butler’s Advances During an NBA Playoff Game” “Unveiling the Secrets: 15 Astonishing Facts About the PGA Championship”