Hackers Are Exploiting a Critical FortiOS SSL VPN Bug
Patch or Disable the SSL VPN, Fortinet Says
Fortinet issued a patch update to address a recently discovered vulnerability that could be exploited in live environments to execute remote code.
The bug, tracked as CVE-2024-21762, is a critical flaw that has a CVSS score of 9.6. It allows a remote unauthenticated attacker to use specially crafted HTTP requests to execute arbitrary code or commands.
An out-of-bounds write vulnerability allows a hacker to write data past the end or before the beginning of the intended buffer. This can typically lead to data corruption, a crash or code execution. "The product may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results," according to Mitre.
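As an added illustration of the out-of-bounds write class MITRE describes (not FortiOS code; the request layout, buffer size and function names are hypothetical), an unchecked write driven by a request-supplied offset is shown beside its bounds-checked form:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64  /* constructed fixed-size buffer, not a FortiOS value */

/* Unsafe pattern (CWE-787): the offset and length come straight from the
 * request and feed pointer arithmetic with no check, so offset + len larger
 * than BUF_LEN writes past the end of 'buf'. Kept for contrast; never called. */
void store_unchecked(uint8_t *buf, size_t offset,
                     const uint8_t *data, size_t len) {
    memcpy(buf + offset, data, len);   /* no check that offset + len <= BUF_LEN */
}

/* Hardened form: validate the arithmetic before any write takes place.
 * Returns 0 on success, -1 if the write would not lie entirely inside the
 * buffer. The check is written so that offset + len cannot itself overflow. */
int store_checked(uint8_t *buf, size_t buf_len, size_t offset,
                  const uint8_t *data, size_t len) {
    if (offset > buf_len || len > buf_len - offset)
        return -1;
    memcpy(buf + offset, data, len);
    return 0;
}

/* Apply one constructed (offset, payload) pair to a fresh buffer. */
int check_sample(size_t offset, const char *payload) {
    uint8_t buf[BUF_LEN] = {0};
    return store_checked(buf, sizeof buf, offset,
                         (const uint8_t *)payload, strlen(payload));
}

int main(void) {
    printf("in-bounds  (10, \"hello\"): %d\n", check_sample(10, "hello"));    /* 0 */
    printf("past end   (60, \"hello\"): %d\n", check_sample(60, "hello"));    /* -1 */
    printf("huge offset (SIZE_MAX, \"x\"): %d\n", check_sample(SIZE_MAX, "x")); /* -1 */
    return 0;
}
```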
Fortinet on Thursday rolled out patches and asked users to upgrade.
Those who are unable to patch immediately can disable SSL VPN on their devices as a workaround, but Fortinet strongly recommends patching.
The latest patches from Fortinet also fix another critical bug, tracked as CVE-2024-23113, which has a 9.8 severity rating, and two medium-severity bugs, CVE-2023-44487 and CVE-2023-47537. No attacks exploiting these vulnerabilities have been reported.
Fortinet VPN vulnerabilities are favorites among Chinese state-backed hackers. Dutch intelligence agencies on Tuesday disclosed details of Chinese espionage hackers penetrating Dutch military systems in early 2023, using a zero-day exploit in a Fortinet VPN to obtain access to "fewer than 50 users" working on unclassified research and development projects (see: Chinese Hackers Penetrated Unclassified Dutch Network).
Mandiant in January 2023 observed exploitation of the same vulnerability, tracked as CVE-2022-42475, and linked it to China's pattern of exploiting internet-facing security devices (see: Fortinet VPN Flaw Shows Pitfalls of Security Appliances).
Due to the severity of the latest flaw and its likely exploitation in the wild, cybersecurity agencies in Australia and Japan on Friday released separate alerts requesting that Fortinet users patch the vulnerability immediately.