Critical Fortinet flaw may impact 150,000 exposed devices

Original Source: Bleeping Computer

Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication.

America's Cyber Defense Agency CISA confirmed last month that attackers are actively exploiting the flaw by adding it to its Known Exploited Vulnerabilities (KEV) catalog.

Vulnerable versions all over the world

Almost a month after Fortinet addressed CVE-2024-21762, The Shadowserver Foundation announced on Thursday that it found nearly 150,000 vulnerable devices.

Shadowserver's Piotr Kijewski told BleepingComputer that their scans check for vulnerable versions, so the number of affected devices may be lower if admins applied mitigations instead of upgrading.

A remote attacker could exploit CVE-2024-21762 (9.8 severity score as per NIST) by sending specially crafted HTTP requests to vulnerable machines.

According to Shadowserver data, most vulnerable devices, more than 24,000, are in the United States, followed by India, Brazil, and Canada.

Vulnerability map for CVE-2024-21762
Devices with vulnerable versions of FortiOS and FortiProxy
source: The Shadowserver Foundation

Details about threat actors actively exploiting CVE-2024-21762 are currently limited, as public platforms are not showing such activity or the vulnerability is being leveraged in select attacks by more sophisticated adversaries.

A day after Fortinet's advisory, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed active exploitation of the vulnerability by adding it to its KEV catalog.

Companies can check if their SSL VPN systems are vulnerable to this issue by running a simple Python script developed by researchers at offensive security company BishopFox.

FortiOS is Fortinet's operating system with security features such as protection against denial-of-service (DoS) attacks, intrusion prevention (IPS), firewall, and VPN services.

It powers all Fortinet Security Fabric devices, from firewalls to access points, switches, and network access control products, providing visibility and control, centralized management across the network, and consistent deployment and enforcement of security policies.

FortiProxy is a secure web proxy solution with protection capabilities against web and DNS-based threats, data loss. It integrates an antivirus, intrusion prevention, and client browser isolation.

Source URL: https://www.bleepingcomputer.com/news/security/critical-fortinet-flaw-may-impact-150-000-exposed-devices/

Author: Ionut Ilascu

Leave a Comment