Priya Patel
TLDR:
- A critical security flaw, CVE-2024-21762, has been discovered in Fortinet’s FortiOS and FortiProxy systems
- Around 150,000 devices worldwide are potentially impacted, allowing for unauthenticated remote code execution
A critical security flaw has been identified in Fortinet’s FortiOS and FortiProxy systems, potentially impacting around 150,000 devices worldwide. The vulnerability, known as CVE-2024-21762, allows for unauthenticated remote code execution by sending specially crafted HTTP requests. The U.S. Cybersecurity and Infrastructure Security Agency has confirmed active exploitation of the flaw and agencies are urged to apply patches immediately.
The vulnerability affects a wide range of Fortinet devices, including FortiOS, FortiProxy, FortiSwitchManager, and FortiAnalyzer. Exploitation of the flaw could lead to arbitrary code execution on affected devices. Fortinet has released patches for the affected versions and users are advised to update their devices as soon as possible. A check script is available to determine vulnerability, and a workaround involving disabling the HTTP/HTTPS interface has been provided for temporary protection.
Full Article:
A critical security flaw identified as CVE-2024-21762 has been discovered in Fortinet’s FortiOS and FortiProxy secure web gateway systems, potentially impacting around 150,000 devices worldwide. The vulnerability allows for unauthenticated remote code execution (RCE) by sending specially crafted HTTP requests to the affected machines. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that attackers actively exploit the flaw, adding it to its Known Exploited Vulnerabilities (KEV) catalog. Federal Civilian Executive Branch (FCEB) agencies must apply the fixes by February 16, 2024, to secure their networks against potential threats.
The vulnerability affects a wide range of Fortinet’s security appliances, including versions of FortiOS, FortiProxy, FortiSwitchManager, and FortiAnalyzer. According to the FortiGuard Labs’ security advisory, the vulnerability is the result of an improper limitation of a pathname to a restricted directory, which could be exploited by an unauthenticated attacker via the internet. This could lead to arbitrary code execution on the underlying operating system of affected devices.
Fortinet has released patches for the affected versions and is urging customers to update their devices immediately to mitigate the risk. The affected versions and the corresponding patches can be found on Fortinet’s official advisory page. For users and administrators who are unsure if their devices are vulnerable, a check script has been made available on GitHub by BishopFox. The script, named CVE-2024-21762 -check, can be used to determine if a Fortinet device is susceptible to the flaw, facilitating a more efficient response to the threat.
In the meantime, Fortinet has also provided a workaround for those unable to apply the patches immediately. The workaround involves disabling the HTTP/HTTPS administrative interface or limiting IP access to trusted hosts. However, this is only temporary, and users are strongly advised to apply the official patches as soon as possible.
