Security
Headlines
HeadlinesLatestCVEs

Headline

CISA and Fortinet Warns of New FortiOS Zero-Day Flaws

By Deeba Ahmed Patch Now or Get Hacked: Researchers Confirm Potentially Active Exploitation of One of the FortiOS Flaws in the Wild. This is a post from HackRead.com Read the original post: CISA and Fortinet Warns of New FortiOS Zero-Day Flaws

HackRead
#vulnerability#ios#cisco#rce#auth#zero_day#ssl

Fortinet has classified both security vulnerabilities as critical. Additionally, CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog with pertinent details regarding the issue.

Network security vendor Fortinet has released security updates to address remote code execution vulnerabilities (CVE-2024-21762, CVE-2024-23313) in FortiOS. The vulnerabilities could be exploited by cyber threat actors to control affected systems. Fortinet noted that CVE-2024-21762 is potentially being exploited in the wild.

Following the advisory from Fortinet, the US Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog on February 9, 2024, to add CVE-2024-21762. CISA confirmed that this vulnerability, affecting multiple versions, is being actively exploited in attacks,

As per Fortinet, CVE-2024-21762 (CVSS 9.6/10.0, rated Critical) is an out-of-bounds write vulnerability detected in SSL VPN. It allows remote unauthenticated actors to execute arbitrary code/commands through specially designed HTTP requests.

On the other hand, CVE-2024-23113 (CVSS 9.8/10.0, rated Critical) is a format string bug found in the FortiOS Forti/gate to FortiManager protocol and allows remote, unauthenticated actors to execute arbitrary code and commands. However, there is no evidence this vulnerability is being exploited in the wild.

The vulnerabilities affect versions 6.0, 6.2, 6.4, 7.0, 7.2, and 7.4. Fortinet has released patches for each affected version except for 6.0 for which users are advised to migrate to a newer version. It is worth noting that FortiOS 7.6 is not impacted.

The vendor stated that it balances customer security with a “culture of researcher collaboration and transparency” and regularly communicates with customers on security measures through their PSIRT Advisory process.

Still, the detection of ‘critical’ vulnerabilities in Fortinet OS has raised concerns among the cybersecurity community. CISA had earlier disclosed that a China-linked threat group Volt Typhoon has been exploiting vulnerabilities in network appliances from various vendors, including Fortinet, Citrix, Cisco, Ivanti, and NetGear.

“In fact, the U.S. authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years,” the advisory read.

In one of the instances discovered by the Dutch agencies, the group likely obtained initial access by exploiting CVE-2022-42475 in an unpatched network perimeter FortiGate 300D firewall.

For insights into the latest Fortinet flaws and the rising concerns about vulnerabilities in network appliances, we reached out to Mayuresh Dani, Manager, Security Research, at Qualys Threat Research Unit who emphasised that Fortinet alerted its partners about the vulnerability before the public advisory. Considering this, the vulnerability might be easy to exploit, and a Proof of Concept (PoC) disclosure could happen soon.

“Fortinet sent out advanced notifications to its partners about this vulnerability before the advisory was made public. CVE-2024-21762 is already included in the CISA KEV list. The exploit code maturity is also ranked as HIGH in the vendor-supplied CVSS scoring,” noted Mayuresh.

“Given all these facts and the way Fortinet itself has characterized the vulnerability, it may be trivial to exploit this vulnerability and that a PoC disclosure is imminent,” Mayuresh warned. “Furthermore, no user interaction is required for exploitation and there is no mention of how this vulnerability was discovered – internally or via external reports.”

  1. Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk
  2. Hackers dump login credentials of Fortinet VPN users in plain-text
  3. Chinese Hackers Exploiting 0-day Vulnerability in Fortinet Products
  4. Hackers Exploiting Critical Vulnerabilities in Fortinet VPN – FBI-CISA
  5. Critical Flaw Exploited to Bypass Fortinet Products, Compromise Firms

Related news

CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day. The vulnerability in question, tracked as CVE-2024-9537 (CVSS v4 score: 9.3), refers to a bug involving an unspecified third-party component that could

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)

Hi there! Here’s your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time. It's a constant battle.

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb. "A

Fortinet FortiOS Out-Of-Bounds Write

Fortinet FortiOS suffers from an out of bounds write vulnerability. Affected includes Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, and 1.0.0 through 1.0.7.

February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW

Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239140 Let’s start with my open source projects. Vulremi A simple vulnerability remediation utility, Vulremi, now has a logo and […]

Here Are the Google and Microsoft Security Updates You Need Right Now

Plus: Mozilla patches 12 flaws in Firefox, Zoom fixes seven vulnerabilities, and more critical updates from February.

Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution

Other potential code execution vulnerabilities are also present in Weston Embedded µC/HTTP-server, a web server component in Weston Embedded's in-house operating system and an open-source library that processes several types of potentially sensitive medical tests.

Fortinet Warns of Critical FortiOS SSL VPN Vulnerability Under Active Exploitation

Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands. "A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially

Fortinet Warns of Critical FortiOS SSL VPN Vulnerability Under Active Exploitation

Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands. "A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized

Critical FortiOS and FortiProxy Vulnerability Likely Exploited - Patch Now!

Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been "exploited in a limited number of cases" in attacks targeting government, manufacturing, and critical infrastructure sectors. The vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), concerns a heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN that could

Backdoor into FortiOS: Chinese Threat Actors Utilize 0-Day

By Deeba Ahmed Chinese hackers are exploiting a previously patched vulnerability found in Fortinet FortiOS SSL-VPN by using new malware called BOLDMOVE. This is a post from HackRead.com Read the original post: Backdoor into FortiOS: Chinese Threat Actors Utilize 0-Day

New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability

A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October 2022, at least nearly two months before fixes were

Attackers Crafted Custom Malware for Fortinet Zero-Day

The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China.

FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations

A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers said in a post-mortem analysis published this week. The

CVE-2022-42475: Fortiguard

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability

The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems. The critical remote code execution vulnerability, identified as CVE-2022-27518, could allow an unauthenticated attacker to execute commands remotely on vulnerable devices and

Fortinet Warns of Active Exploitation of New SSL-VPN Pre-auth RCE Vulnerability

Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as CVE-2022-42475 (CVSS score: 9.3), the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests. The company said