
Hackers Are Exploiting a Critical FortiOS SSL VPN Bug

Patch or Disable the SSL VPN, Fortinet Says

Fortinet issued a patch to address a recently discovered vulnerability that could be exploited in live environments to execute code remotely.


The bug, tracked as CVE-2024-21762, is a critical flaw that has a CVSS score of 9.6. It allows a remote unauthenticated attacker to use specially crafted HTTP requests to execute arbitrary code or commands.

An out-of-bounds write vulnerability allows a hacker to write data past the end or before the beginning of the intended buffer. This can typically lead to data corruption, a crash or code execution. "The product may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results," according to Mitre.
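The write class Mitre describes, as an added illustration in C that is not FortiOS code and does not come from the article or from Fortinet: an unchecked computed index beside two hardened forms that reject writes before the start and past the end of a buffer. The function names, the buffer size and the sample values are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_COUNT 8 /* constructed buffer size for this illustration */

/* Vulnerable form, shown for contrast and never called: the index is
 * computed from untrusted values and used unchecked. A negative result
 * writes before slots[], a result >= SLOT_COUNT writes past its end. */
void store_unchecked(uint8_t *slots, int base, int delta, uint8_t v) {
    slots[base + delta] = v;
}

/* Hardened single write: do the arithmetic in a wider type so it cannot
 * overflow, then check both bounds. Returns 0 on success, -1 if rejected. */
int store_checked(uint8_t *slots, size_t count, int base, int delta, uint8_t v) {
    long long idx = (long long)base + (long long)delta;
    if (idx < 0 || (unsigned long long)idx >= count)
        return -1;
    slots[idx] = v;
    return 0;
}

/* Hardened range write: compare n against the remaining space rather than
 * testing off + n, which can wrap around for very large values. */
int copy_checked(uint8_t *dst, size_t dst_len, size_t off,
                 const uint8_t *src, size_t n) {
    if (off > dst_len || n > dst_len - off)
        return -1;
    memcpy(dst + off, src, n);
    return 0;
}

int main(void) {
    uint8_t slots[SLOT_COUNT] = {0};
    printf("in range:       %d\n", store_checked(slots, SLOT_COUNT, 3, 2, 0x41));
    printf("before start:   %d\n", store_checked(slots, SLOT_COUNT, 0, -1, 0x41));
    printf("past end:       %d\n", store_checked(slots, SLOT_COUNT, 7, 1, 0x41));
    printf("range past end: %d\n",
           copy_checked(slots, SLOT_COUNT, 7, (const uint8_t *)"AB", 2));
    return 0;
}
```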

Fortinet on Thursday rolled out patches and asked users to upgrade.

Those who are unable to patch immediately can disable SSL VPN on their devices, but Fortinet strongly recommends patching.

The latest patches from Fortinet also fix another critical bug, tracked as CVE-2024-23113, which has a 9.8 severity rating, and two medium-severity bugs: CVE-2023-44487 and CVE-2023-47537. No attacks exploiting these vulnerabilities have been reported.

Fortinet VPN vulnerabilities are favorites among Chinese state-backed hackers. Dutch intelligence agencies on Tuesday disclosed details of Chinese espionage hackers penetrating Dutch military systems in early 2023, using a zero-day exploit in a Fortinet VPN to obtain access to "fewer than 50 users" working on unclassified research and development projects (see: Chinese Hackers Penetrated Unclassified Dutch Network).

Mandiant in January 2023 observed exploitation of the same vulnerability, tracked as CVE-2022-42475, and linked it to China's pattern of exploiting internet-facing security devices (see: Fortinet VPN Flaw Shows Pitfalls of Security Appliances).

Due to the severity of the latest flaw and its likely exploitation in the wild, cybersecurity agencies in Australia and Japan on Friday released separate alerts requesting that Fortinet users patch the vulnerability immediately.


About the Author

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.



