Article Details
Scrape Timestamp (UTC): 2024-03-08 20:40:49.386
Original Article Text
Click to Toggle View
Critical Fortinet flaw may impact 150,000 exposed devices. Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. America's Cyber Defense Agency CISA confirmed last month that attackers are actively exploiting the flaw by adding it to its Known Exploited Vulnerabilities (KEV) catalog. Vulnerable versions all over the world Almost a month after Fortinet addressed CVE-2024-21762, The Shadowserver Foundation announced on Thursday that it found nearly 150,000 vulnerable devices. Shadowserver's Piotr Kijewski told BleepingComputer that their scans check for vulnerable versions, so the number of affected devices may be lower if admins applied mitigations instead of upgrading. A remote attacker could exploit CVE-2024-21762 (9.8 severity score as per NIST) by sending specially crafted HTTP requests to vulnerable machines. According to Shadowserver data, most vulnerable devices, more than 24,000, are in the United States, followed by India, Brazil, and Canada. Details about threat actors actively exploiting CVE-2024-21762 are currently limited, as public platforms are not showing such activity or the vulnerability is being leveraged in select attacks by more sophisticated adversaries. A day after Fortinet's advisory, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed active exploitation of the vulnerability by adding it to its KEV catalog. Companies can check if their SSL VPN systems are vulnerable to this issue by running a simple Python script developed by researchers at offensive security company BishopFox. FortiOS is Fortinet's operating system with security features such as protection against denial-of-service (DoS) attacks, intrusion prevention (IPS), firewall, and VPN services. It powers all Fortinet Security Fabric devices, from firewalls to access points, switches, and network access control products, providing visibility and control, centralized management across the network, and consistent deployment and enforcement of security policies. FortiProxy is a secure web proxy solution with protection capabilities against web and DNS-based threats, data loss. It integrates an antivirus, intrusion prevention, and client browser isolation.
Daily Brief Summary
Approximately 150,000 Fortinet devices globally are susceptible to CVE-2024-21762, a significant security vulnerability permitting unauthenticated code execution.
CISA has included the flaw in its Known Exploited Vulnerabilities catalog, confirming that it's actively being exploited.
The Shadowserver Foundation detected the exposed devices, which still include the vulnerability nearly a month after Fortinet issued a fix.
The majority of the vulnerable devices are located in the United States, with India, Brazil, and Canada also hosting a significant number.
Information on the actual exploitation of CVE-2024-21762 is limited, suggesting possible use in targeted attacks by sophisticated threat actors.
Companies can use a Python script provided by BishopFox to assess the vulnerability status of their SSL VPN systems.
Fortinet's FortiOS and FortiProxy are critical to the security infrastructure, providing services such as DoS protection, IPS, firewall, VPN, and secure web proxy.