Headline
CISA and Fortinet Warns of New FortiOS Zero-Day Flaws
By Deeba Ahmed Patch Now or Get Hacked: Researchers Confirm Potentially Active Exploitation of One of the FortiOS Flaws in the Wild. This is a post from HackRead.com Read the original post: CISA and Fortinet Warns of New FortiOS Zero-Day Flaws
Fortinet has classified both security vulnerabilities as critical. Additionally, CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog with pertinent details regarding the issue.
Network security vendor Fortinet has released security updates to address remote code execution vulnerabilities (CVE-2024-21762, CVE-2024-23313) in FortiOS. The vulnerabilities could be exploited by cyber threat actors to control affected systems. Fortinet noted that CVE-2024-21762 is potentially being exploited in the wild.
Following the advisory from Fortinet, the US Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog on February 9, 2024, to add CVE-2024-21762. CISA confirmed that this vulnerability, affecting multiple versions, is being actively exploited in attacks,
As per Fortinet, CVE-2024-21762 (CVSS 9.6/10.0, rated Critical) is an out-of-bounds write vulnerability detected in SSL VPN. It allows remote unauthenticated actors to execute arbitrary code/commands through specially designed HTTP requests.
On the other hand, CVE-2024-23113 (CVSS 9.8/10.0, rated Critical) is a format string bug found in the FortiOS Forti/gate to FortiManager protocol and allows remote, unauthenticated actors to execute arbitrary code and commands. However, there is no evidence this vulnerability is being exploited in the wild.
The vulnerabilities affect versions 6.0, 6.2, 6.4, 7.0, 7.2, and 7.4. Fortinet has released patches for each affected version except for 6.0 for which users are advised to migrate to a newer version. It is worth noting that FortiOS 7.6 is not impacted.
The vendor stated that it balances customer security with a “culture of researcher collaboration and transparency” and regularly communicates with customers on security measures through their PSIRT Advisory process.
Still, the detection of ‘critical’ vulnerabilities in Fortinet OS has raised concerns among the cybersecurity community. CISA had earlier disclosed that a China-linked threat group Volt Typhoon has been exploiting vulnerabilities in network appliances from various vendors, including Fortinet, Citrix, Cisco, Ivanti, and NetGear.
“In fact, the U.S. authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years,” the advisory read.
In one of the instances discovered by the Dutch agencies, the group likely obtained initial access by exploiting CVE-2022-42475 in an unpatched network perimeter FortiGate 300D firewall.
For insights into the latest Fortinet flaws and the rising concerns about vulnerabilities in network appliances, we reached out to Mayuresh Dani, Manager, Security Research, at Qualys Threat Research Unit who emphasised that Fortinet alerted its partners about the vulnerability before the public advisory. Considering this, the vulnerability might be easy to exploit, and a Proof of Concept (PoC) disclosure could happen soon.
“Fortinet sent out advanced notifications to its partners about this vulnerability before the advisory was made public. CVE-2024-21762 is already included in the CISA KEV list. The exploit code maturity is also ranked as HIGH in the vendor-supplied CVSS scoring,” noted Mayuresh.
“Given all these facts and the way Fortinet itself has characterized the vulnerability, it may be trivial to exploit this vulnerability and that a PoC disclosure is imminent,” Mayuresh warned. “Furthermore, no user interaction is required for exploitation and there is no mention of how this vulnerability was discovered – internally or via external reports.”
- Critical RCE Vulnerability Puts 330,000 Fortinet Firewalls at Risk
- Hackers dump login credentials of Fortinet VPN users in plain-text
- Chinese Hackers Exploiting 0-day Vulnerability in Fortinet Products
- Hackers Exploiting Critical Vulnerabilities in Fortinet VPN – FBI-CISA
- Critical Flaw Exploited to Bypass Fortinet Products, Compromise Firms
Related news
More on the recent Snowflake breach, MFA bypass techniques and more.
Fortinet FortiOS suffers from an out of bounds write vulnerability. Affected includes Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, and 1.0.0 through 1.0.7.
Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239140 Let’s start with my open source projects. Vulremi A simple vulnerability remediation utility, Vulremi, now has a logo and […]
Plus: Mozilla patches 12 flaws in Firefox, Zoom fixes seven vulnerabilities, and more critical updates from February.
Other potential code execution vulnerabilities are also present in Weston Embedded µC/HTTP-server, a web server component in Weston Embedded's in-house operating system and an open-source library that processes several types of potentially sensitive medical tests.
Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands. "A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially
Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands. "A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized
Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been "exploited in a limited number of cases" in attacks targeting government, manufacturing, and critical infrastructure sectors. The vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), concerns a heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN that could
By Deeba Ahmed Chinese hackers are exploiting a previously patched vulnerability found in Fortinet FortiOS SSL-VPN by using new malware called BOLDMOVE. This is a post from HackRead.com Read the original post: Backdoor into FortiOS: Chinese Threat Actors Utilize 0-Day
A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October 2022, at least nearly two months before fixes were
The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China.
A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers said in a post-mortem analysis published this week. The
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems. The critical remote code execution vulnerability, identified as CVE-2022-27518, could allow an unauthenticated attacker to execute commands remotely on vulnerable devices and
Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as CVE-2022-42475 (CVSS score: 9.3), the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests. The company said