Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

ACSC releases critical alert over FortiOS bug

The Australian Signals Directorate’s Australian Cyber Security Centre is concerned about a FortiGuard vulnerability that could lead to remote code execution.

user icon David Hollingworth
Mon, 12 Feb 2024
ACSC releases critical alert over FortiOS bug
expand image

The Australian Cyber Security Centre (ACSC) released a critical alert late last week, pointing out the very real risk of remote code being executed on affected Fortinet FortiOS devices.

FortiOS is a network operating system used on FortiGuard’s hardware and software security products, such as switches and firewalls.

The bug in question – CVE-2024-21762 – is an “out-of-bounds write vulnerability that may allow unauthenticated RCE via a specially crafted HTTP request”, according to the ACSC’s alert notice. The ACSC is rating the complexity of the vulnerability as moderate.

============
============

“The ASD’s ACSC recommends business, organisations and government entities patch affected devices and disable SSL VPN,” the ACSC said in its alert.

The flaw is in the following versions of Fortiguard products:

  • FortiOS 7.4
  • FortiOS 7.2
  • FortiOS 7.0
  • FortiOS 6.4
  • FortiOS 6.2
  • FortiOS 6.0
  • FortiProxy 7.4
  • FortiProxy 7.2
  • FortiProxy 7.0
  • FortiProxy 2.0
  • FortiProxy 1.2
  • FortiProxy 1.1
  • FortiProxy 1.0

FortiGuard advises either upgrading the older versions or migrating to a fixed release in the case of later ones. A possible workaround, however, is to disable SSL VPN. FortiGuard notes that disabling webmode is not a solution.

It’s worth following FortiGuard’s upgrade advice, as the company believes the vulnerability may already be being exploited in the wild.

Researchers at cyber security firm Rapid7 are more certain of the exploitation, however.

"According to Fortinet’s advisory for CVE-2024-21762, the vulnerability is 'potentially being exploited in the wild.' The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-21762 to their Known Exploited Vulnerabilities (KEV) list as of February 9, 2024, confirming that exploitation has occurred," Rapid7 said in a blog post.

Rapid7 also notes that such vulnerabilities are very popular with a certain class of hacker.

"Zero-day vulnerabilities in Fortinet SSL VPNs have a history of being targeted by state-sponsored and other highly motivated threat actors. Other recent Fortinet SSL VPN vulnerabilities (e.g., CVE-2022-42475, CVE-2022-41328, and CVE-2023-27997) have been exploited by adversaries as both zero-day and as n-day following public disclosure."


UPDATED 13/02/24 to add Rapid7 commentary

Comments powered by CComment

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.