Fortinet FortiOS critical bug CVE-2024-21762 could impact 150,000 internet-connected devices

Researchers warn that Fortinet FortiOS critical vulnerability CVE-2024-21762 could impact 150,000 exposed devices.
In February, Fortinet warned that the FortiOS SSL VPN critical remote code execution vulnerability CVE-2024-21762 (CVSS score 9.6) had been observed being actively exploited in real-world attacks.
The security company did not disclose details of the attacks that exploited this vulnerability.
The issue is an out-of-bounds write vulnerability that can be exploited by sending a specially crafted HTTP request to a vulnerable instance. The vendor recommends disabling SSL VPN as a workaround.
“An out-of-bounds write vulnerability [CWE-787] in FortiOS could allow an unauthenticated, remote attacker to execute arbitrary code or commands via a specially crafted HTTP request,” reads the advisory.
“Workaround: Disable SSL VPN (disabling web mode is not a valid workaround). Note: This can be exploited in the wild.”
The following table lists the affected versions and the fixed releases that resolve the issue.
| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.6 | Not affected | Not applicable |
| FortiOS 7.4 | 7.4.0 to 7.4.2 | Upgrade to 7.4.3 or later |
| FortiOS 7.2 | 7.2.0 to 7.2.6 | Upgrade to 7.2.7 or later |
| FortiOS 7.0 | 7.0.0 to 7.0.13 | Upgrade to 7.0.14 or later |
| FortiOS 6.4 | 6.4.0 to 6.4.14 | Upgrade to 6.4.15 or later |
| FortiOS 6.2 | 6.2.0 to 6.2.15 | Upgrade to 6.2.16 or later |
| FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |
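For teams with more than a handful of appliances, the practical step after reading the table is to run each device's reported firmware version against these ranges and decide whether it needs an upgrade or a branch migration. The script below is an added example, not code from the article or from Fortinet: it encodes the advisory table exactly as printed above, parses the `X.Y.Z` version strings (tolerating a `v` prefix or a `,buildNNNN` suffix), and returns the remediation for each entry of a constructed, hypothetical inventory. Branches outside the table are reported as unknown rather than assumed safe.

```python
"""Triage FortiOS versions against the CVE-2024-21762 advisory table.

Added example (not the article's or Fortinet's code). The affected/fixed
ranges are transcribed from the advisory table in the article; the
inventory at the bottom is constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]


@dataclass(frozen=True)
class Branch:
    major: int
    minor: int
    first_affected: Optional[Version]  # None: branch not affected at all
    last_affected: Optional[Version]   # None: every release in the branch
    fixed: Optional[Version]           # None: no fixed release in branch


# Advisory table for CVE-2024-21762, copied from the article.
ADVISORY: List[Branch] = [
    Branch(7, 6, None, None, None),                     # not affected
    Branch(7, 4, (7, 4, 0), (7, 4, 2), (7, 4, 3)),
    Branch(7, 2, (7, 2, 0), (7, 2, 6), (7, 2, 7)),
    Branch(7, 0, (7, 0, 0), (7, 0, 13), (7, 0, 14)),
    Branch(6, 4, (6, 4, 0), (6, 4, 14), (6, 4, 15)),
    Branch(6, 2, (6, 2, 0), (6, 2, 15), (6, 2, 16)),
    Branch(6, 0, (6, 0, 0), None, None),                # all 6.0.x, migrate
]


def parse_version(text: str) -> Version:
    """Parse '7.0.12', 'v7.0.12' or '7.0.12,build0523' into (7, 0, 12)."""
    core = text.strip().lstrip("vV").split(",")[0].split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def assess(text: str) -> Dict[str, object]:
    """Return {'version', 'vulnerable', 'action'} for one version string.

    'vulnerable' is True/False when the branch is in the advisory table and
    None when it is not, so an unlisted branch is never silently treated as safe.
    """
    v = parse_version(text)
    for b in ADVISORY:
        if (v[0], v[1]) != (b.major, b.minor):
            continue
        if b.first_affected is None:
            return {"version": v, "vulnerable": False,
                    "action": "none (branch not affected)"}
        within_upper = b.last_affected is None or v <= b.last_affected
        if v >= b.first_affected and within_upper:
            if b.fixed is None:
                action = "migrate to a fixed release (no fix in this branch)"
            else:
                action = "upgrade to %d.%d.%d or later" % b.fixed
            return {"version": v, "vulnerable": True, "action": action}
        return {"version": v, "vulnerable": False,
                "action": "none (already on a fixed release)"}
    return {"version": v, "vulnerable": None,
            "action": "branch not in advisory table; check the vendor PSIRT"}


def triage(inventory: Dict[str, str]) -> Dict[str, Dict[str, object]]:
    """Assess a {hostname: version} map and keep only entries needing action."""
    return {host: r for host, r in ((h, assess(ver)) for h, ver in inventory.items())
            if r["vulnerable"] is not False}


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "fw-edge-01": "v7.0.12,build0523",
    "fw-edge-02": "7.4.3",
    "fw-branch-07": "6.0.17",
    "fw-lab-03": "5.6.14",
}

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {'.'.join(map(str, result['version']))} -> {result['action']}")
```

Run as-is it reports `fw-edge-01`, `fw-branch-07` and `fw-lab-03` and stays silent about the patched `fw-edge-02`. Because the check relies on the version the device reports, it complements rather than replaces the vendor's guidance to disable SSL VPN until the upgrade is done.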
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
This week, researchers at the Shadowserver Foundation reported that, even though the issue has been added to the catalog, they found approximately 150,000 devices that may still be affected by it.
Researchers scanned the internet for internet-facing Fortinet FortiOS and FortiProxy secure web gateway systems that are vulnerable to CVE-2024-21762.
The majority of vulnerable devices (as of March 9, 2024) are located in the United States (24,647 devices), followed by India (7,713 devices) and Brazil (4,934 devices).
GreyNoise researchers also published an interesting analysis of this bug titled “Hunting for Fortinet CVE-2024-21762: Vulnerability research for detection engineering.”
Pierluigi Paganini
(SecurityAffairs – hacking, FortiOS)