TLDR:
- Fortinet FortiOS bug CVE-2024-21762 is actively exploited in wild
- Potentially impacts 150,000 internet-facing devices
Researchers have warned about a critical vulnerability (CVE-2024-21762) in Fortinet FortiOS that could potentially impact 150,000 exposed devices. Fortinet released patches to address this vulnerability, but a significant number of devices are still vulnerable. This vulnerability allows remote unauthenticated attackers to execute arbitrary code or commands through specially crafted HTTP requests. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog. Researchers recommend immediate action to mitigate the risk of exploitation.