
Cybersecurity Threat Advisory

Fortinet has disclosed a critical vulnerability affecting FortiOS, the operating system that runs on FortiGate SSL VPNs. The vulnerability, tracked as CVE-2024-21762, received a CVSS score of 9.6. Please review the following recommendations in this Cybersecurity Threat Advisory to mitigate the potential risk and protect your environment.

What is the threat?

CVE-2024-21762 is an out-of-bounds write vulnerability in the SSL VPN daemon (SSLVPNd) in Fortinet FortiOS. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to a vulnerable device that has SSL VPN enabled. Successful exploitation would allow an attacker to execute arbitrary code or commands on the device.

Why is it noteworthy?

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), this vulnerability was added to its Known Exploited Vulnerabilities (KEV) catalog on February 9, 2024, confirming that exploitation has occurred in the wild. Because exploitation allows the execution of arbitrary code and commands, the severity of this vulnerability is increased.

What is the exposure or risk?

Vulnerabilities in Fortinet devices are being exploited by multiple nation-state threat actors and ransomware groups such as Conti. As a result, Fortinet vulnerabilities have been included in the “Top Routinely Exploited Vulnerabilities” lists published by CISA in partnership with other U.S. and international agencies.

What are the recommendations?

Barracuda MSP recommends the following actions to help secure your environment against this threat:

  • Fortinet has released patches for several versions of FortiOS to address CVE-2024-21762. Apply them as described in the vendor advisory: https://www.fortiguard.com/psirt/FG-IR-24-015
  • If patching is not feasible, organizations are advised to disable SSL VPN functionality until a patch can be applied. Fortinet’s advisory warns that simply disabling webmode is “NOT a valid workaround.”
  • Most importantly, please note that the advisories for the remaining CVEs, including CVE-2024-21762, CVE-2024-23113 and CVE-2023-44487, either list their own workaround options and fixed releases or have fixed versions that differ from those for CVE-2024-21762. To ensure successful remediation of each of these vulnerabilities, we strongly recommend upgrading to the latest available version of your current release branch.
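Because fixed builds differ per release branch and per CVE, a fleet check has to be branch-aware. The following Python triage helper is an added example, not Barracuda's or Fortinet's own tooling; it parses the Version line from FortiOS `get system status` output and compares it against a per-branch table whose entries are placeholders that must be replaced with the fixed versions from FG-IR-24-015, and the inventory it runs over is constructed sample data.

```python
import re
from typing import Dict, Optional, Tuple

# PLACEHOLDER minimum fixed build per release branch. These are NOT the real
# fixed versions: take them from the vendor advisory (FG-IR-24-015) for each
# branch you run before relying on this check.
FIXED_PLACEHOLDER: Dict[str, Tuple[int, int, int]] = {
    "6.4": (6, 4, 99),
    "7.0": (7, 0, 99),
    "7.2": (7, 2, 99),
    "7.4": (7, 4, 99),
}

VERSION_RE = re.compile(r"v(\d+)\.(\d+)\.(\d+)")

def parse_fortios_version(status_line: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a 'get system status' Version line,
    e.g. 'Version: FortiGate-100F v7.2.3,build1262,230117 (GA.F)'."""
    m = VERSION_RE.search(status_line)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)

def assess(status_line: str, ssl_vpn_enabled: bool) -> str:
    """Classify one device against the per-branch fixed table."""
    ver = parse_fortios_version(status_line)
    if ver is None:
        return "unparseable"
    if not ssl_vpn_enabled:
        # SSL VPN fully disabled is the documented workaround; webmode alone is not.
        return "mitigated_by_workaround"
    branch = f"{ver[0]}.{ver[1]}"
    fixed = FIXED_PLACEHOLDER.get(branch)
    if fixed is None:
        return "unknown_branch"  # not in the table: check the advisory manually
    return "patched" if ver >= fixed else "vulnerable"

# Constructed sample inventory: (hostname, status line, SSL VPN enabled?)
SAMPLE_INVENTORY = [
    ("fw-edge-1", "Version: FortiGate-100F v7.2.3,build1262,230117 (GA.F)", True),
    ("fw-edge-2", "Version: FortiGate-60F v7.4.99,build9999,240101 (GA.F)", True),
    ("fw-lab", "Version: FortiGate-VM64 v7.0.12,build0523,230830 (GA.F)", False),
    ("fw-old", "Version: FortiGate-200E v6.2.15,build1378,230425 (GA.M)", True),
]

def triage(inventory=SAMPLE_INVENTORY) -> Dict[str, str]:
    """Return a hostname -> status map for the whole inventory."""
    return {host: assess(line, ssl) for host, line, ssl in inventory}
```

Devices reported as `vulnerable` or `unknown_branch` are the ones to patch or take offline first; `mitigated_by_workaround` hosts still need the upgrade once it is feasible.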

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions regarding this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.



Posted by Vincent Yu
