Fortinet has revealed a significant security vulnerability within its FortiOS SSL VPN, identified as CVE-2024-21762, suggesting active exploitation in the wild. This flaw, rated with a high CVSS score of 9.6, allows remote unauthenticated attackers to execute arbitrary code or commands through manipulated HTTP requests. The impacted versions span FortiOS 7.4, 7.2, 7.0, 6.4, and 6.2, prompting the necessity for users to upgrade to specified versions or migrate to fixed releases to mitigate the risks posed by potential exploitation.
This development follows Fortinet’s issuance of patches for other vulnerabilities affecting FortiSIEM supervisor, indicating an ongoing effort to address security concerns across its product ecosystem. Notably, the Dutch government recently disclosed a breach facilitated by Chinese state-sponsored actors leveraging known flaws in Fortinet FortiGate devices. Moreover, Fortinet’s report highlights the exploitation of N-day vulnerabilities by various threat actors targeting critical infrastructure and organizations across sectors, illustrating the persistent nature of cybersecurity threats.
These revelations underscore the critical importance of proactive security measures in safeguarding internet-facing edge devices against evolving cyber threats. As demonstrated by the activities of threat actors such as Volt Typhoon, who exploit both known and zero-day vulnerabilities, the lack of endpoint detection and response (EDR) support in certain technologies leaves them susceptible to exploitation. Fortinet emphasizes the need for vigilance and prompt action in addressing vulnerabilities to mitigate the risks posed by cyber attacks targeting critical infrastructure and organizations worldwide.
