CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug that Fortinet patched on Thursday.
The flaw (CVE-2024-21762) is an out-of-bounds write weakness in the FortiOS operating system that allows unauthenticated attackers to execute arbitrary code remotely using maliciously crafted HTTP requests.
Administrators who cannot deploy the security updates right away can remove the attack vector by disabling SSL VPN on the device.
CISA's announcement comes one day after Fortinet published a security advisory stating that the flaw was "potentially being exploited in the wild."
The vulnerability has been added to CISA's Known Exploited Vulnerabilities Catalog, which warns that such bugs are "frequent attack vectors for malicious cyber actors" and pose "significant risks to the federal enterprise," even though the company hasn't yet disclosed more information about potential CVE-2022-48618.
In accordance with the binding operational directive (BOD 22-01) issued in November 2021, the cybersecurity agency also ordered U.S. federal agencies to secure their FortiOS devices against this security bug by February 16.
Unclear disclosures
This week, Fortinet also updated its FortiSIEM solution to address two additional critical RCE vulnerabilities (CVE-2024-23108 and CVE-2024-23109).
Fortinet's disclosure process was very unclear: the company initially denied that the CVEs were genuine, asserting that an API bug had created them as duplicates of a similar flaw (CVE-2023-34992) that was fixed in October.
Horizon3 vulnerability researcher Zach Hanley found and reported the bugs, and the company eventually acknowledged that the two CVEs were distinct variants of the original CVE-2023-34992 bug.
It is strongly advised to secure all Fortinet devices as soon as possible because remote, unauthenticated attackers can use these flaws to execute arbitrary code on vulnerable appliances.
Fortinet flaws (often as zero-days) are frequently exploited to breach corporate networks in cyber espionage campaigns and ransomware attacks.
For instance, on Wednesday Fortinet said that the Chinese Volt Typhoon hacking group used the FortiOS SSL VPN flaws (CVE-2022-42475 and CVE-2023-27997) in attacks deploying the custom Coathanger malware.
Coathanger, a remote access Trojan (RAT) that targets FortiGate network security appliances, was recently used to backdoor a military network of the Dutch Ministry of Defense.