FortiOS VPN Under Siege: Critical Bug CVE-2024-21762 Exploited by Cyber Villains!

FortiOS SSL VPN users, brace yourselves! Fortinet’s latest ‘whoopsie-daisy’ features a critical flaw (CVE-2024-21762) with a 9.6 drama rating. Spoiler alert: it’s probably being exploited. So, patch up or risk a hack attack sequel! 🚨💻🔨 #FortinetFlawFiasco

Hot Take:

Looks like Fortinet’s FortiOS decided to play “Hide and Seek” with hackers, but it wasn’t very good at hiding. A new vulnerability, with the catchy name CVE-2024-21762, is like an open VIP party invitation for cybercriminals. With a CVSS score of 9.6, we’re not just talking about sneaky peeks; we’re talking full-blown command performance! And the cherry on top? It’s “potentially” being exploited in the wild. Potentially, as in, “I ‘potentially’ might win the lottery if I actually bought a ticket.”

Key Points:

  • Fortinet acknowledges a critical flaw (CVE-2024-21762) in FortiOS SSL VPN that hands attackers a pass to execute arbitrary code or commands on the device. Party on, hackers.
  • This digital gremlin works by crafting HTTP requests to the SSL VPN that make FortiOS do the hacker's bidding. No authentication needed. It's like saying "please" and getting whatever you want.
  • A myriad of FortiOS and FortiProxy versions are playing this dangerous game. Thankfully, fixed releases are available, so patch up and avoid being "it" in the cybersecurity playground.
  • Fortinet’s no stranger to the exploit rodeo, with recent patches for other vulnerabilities and reports of Chinese state-sponsored actors using their devices as a cybernetic Trojan horse.
  • The U.S. and China are accusing each other of cyber mischief, while critical infrastructure and networking appliances continue to be cyber battlegrounds. It’s like a digital Cold War, but with more patches and less espionage… or is there?

CVE records:

CVE ID: CVE-2023-27997
CVE state: PUBLISHED
CVE assigner (short name): fortinet
CVE last updated: 06/13/2023
CVE description: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

CVE ID: CVE-2022-42475
CVE state: PUBLISHED
CVE assigner (short name): fortinet
CVE last updated: 01/02/2023
CVE description: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

CVE ID: CVE-2024-21762
CVE state: PUBLISHED
CVE assigner (short name): fortinet
CVE last updated: 02/09/2024
CVE description: An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.

CVE ID: CVE-2024-23108
CVE state: PUBLISHED
CVE assigner (short name): fortinet
CVE last updated: 02/05/2024
CVE description: An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.

CVE ID: CVE-2024-23109
CVE state: PUBLISHED
CVE assigner (short name): fortinet
CVE last updated: 02/05/2024
CVE description: An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.

Need to know more?

A Patch in Time Saves Nine... Point Six

So, Fortinet dropped a bulletin faster than a hot potato, and this one's got "urgent" stamped all over it. It lists every affected branch (FortiOS 7.4, 7.2, 7.0, 6.4, 6.2 and 6.0, plus the FortiProxy lines) with an upgrade path that's more like a treasure map to safety: move to the first patch release past the affected range on your branch, or jump to a newer branch. If you're on FortiOS 7.6, you're sitting pretty; for the rest, it's update time. And if you can't patch today, the advisory's only real workaround is to turn SSL VPN off entirely; merely disabling web mode doesn't count.
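A quick way to turn that version table into an answer is to check a device's reported build against the ranges in the CVE text. The script below is an added example written for this page, not Fortinet's code or tooling: it transcribes the CVE-2024-21762 ranges from the record above, parses a version string in the form a FortiGate banner reports it (e.g. "FortiOS v7.2.6 build1575"), and says whether that build is in an affected range. The "first clean release" it reports is an assumption, computed as the patch level just past the affected range on that branch; confirm it against Fortinet's advisory before you schedule the upgrade.

```python
"""Check a FortiOS / FortiProxy build against the CVE-2024-21762 ranges.

Added example for this article (not Fortinet code). The ranges below are
transcribed from the CVE description; the 'first clean release' is an
assumption derived as the patch level right after each affected range.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

Version = Tuple[int, int, int]

# (product, lowest affected, highest affected), straight from the CVE text.
AFFECTED_RANGES: List[Tuple[str, str, str]] = [
    ("FortiOS", "7.4.0", "7.4.2"),
    ("FortiOS", "7.2.0", "7.2.6"),
    ("FortiOS", "7.0.0", "7.0.13"),
    ("FortiOS", "6.4.0", "6.4.14"),
    ("FortiOS", "6.2.0", "6.2.15"),
    ("FortiOS", "6.0.0", "6.0.17"),
    ("FortiProxy", "7.4.0", "7.4.2"),
    ("FortiProxy", "7.2.0", "7.2.8"),
    ("FortiProxy", "7.0.0", "7.0.14"),
    ("FortiProxy", "2.0.0", "2.0.13"),
    ("FortiProxy", "1.2.0", "1.2.13"),
    ("FortiProxy", "1.1.0", "1.1.6"),
    ("FortiProxy", "1.0.0", "1.0.7"),
]


def parse_version(text: str) -> Version:
    """Pull x.y.z out of '7.2.6', 'v7.2.6' or a full banner line.

    Banner example (constructed): 'FortiGate-60F v7.0.12,build0523,231005 (GA.M)'.
    The build number is ignored; the CVE ranges are expressed in x.y.z only.
    """
    m = re.search(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


class Verdict(NamedTuple):
    affected: bool
    branch: Optional[str]          # e.g. "7.2", or None if the branch is unlisted
    first_clean: Optional[Version]  # assumption: end of affected range + 1 patch


def check(product: str, version_text: str) -> Verdict:
    """Return whether this product/version falls inside an affected range."""
    v = parse_version(version_text)
    branch = f"{v[0]}.{v[1]}"
    for prod, lo_s, hi_s in AFFECTED_RANGES:
        if prod.lower() != product.lower():
            continue
        lo, hi = parse_version(lo_s), parse_version(hi_s)
        if lo[:2] != v[:2]:
            continue  # a different release branch; keep looking
        if lo <= v <= hi:
            # Assumed fix level: the next patch release on the same branch.
            return Verdict(True, branch, (hi[0], hi[1], hi[2] + 1))
        return Verdict(False, branch, None)  # same branch, past the range
    # Branch not listed in the CVE at all (e.g. FortiOS 7.6 per the advisory).
    return Verdict(False, None, None)


if __name__ == "__main__":
    # Constructed sample banners, as a 'get system status' line might show them.
    samples = [
        ("FortiOS", "FortiOS v7.2.6 build1575"),
        ("FortiOS", "FortiGate-60F v7.0.14,build0601,240101 (GA.M)"),
        ("FortiOS", "v7.6.0"),
        ("FortiProxy", "2.0.13"),
    ]
    for product, banner in samples:
        verdict = check(product, banner)
        status = "AFFECTED" if verdict.affected else "not in range"
        fix = f" -> assumed fix {'.'.join(map(str, verdict.first_clean))}" \
            if verdict.first_clean else ""
        print(f"{product:10} {banner:45} {status}{fix}")
```

Point it at the version string from `get system status` (or from your inventory export) rather than trusting a dashboard badge, and treat "not in range" for an unlisted branch as "not covered by this CVE text", not as a clean bill of health for the device.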

It's Raining Patches!

Fortinet's been patching more holes than a tailor in a thorn bush. They just patched up CVE-2024-23108 and CVE-2024-23109, because why have one vulnerability when you can have more? Both are OS command injection bugs in the FortiSIEM supervisor, reachable through crafted API requests, just in case you thought it was getting lonely with all the attention on FortiOS.

State-Sponsored Hide-and-Seek Champions

The Dutch dropped a bombshell earlier this week, claiming that their military network got a surprise visit from Chinese state-sponsored hackers. Apparently, these digital ninjas used a known flaw in Fortinet FortiGate devices (CVE-2022-42475, the older SSL VPN bug listed above) to sneak in a backdoor called COATHANGER - because when you're spying, the subtlety of your tool names is key. The nasty part for defenders: the implant is built to survive reboots and firmware upgrades, so patching evicts the entry ticket, not the guest.

The Villainous Vault Typhoon

And let's not forget our friends at the U.S. government, who took a break from their own cyber shenanigans to issue a friendly heads-up about Volt Typhoon - not a new energy drink, but a Chinese nation-state group with a penchant for critical infrastructure and a taste for networking appliance vulnerabilities. It's like they're collecting them for a scrapbook.

The Great Cyber Blame Game

In the grand tradition of geopolitical cyber dramas, China's denying all allegations of digital wrongdoing, and pointing fingers back at the U.S. It's like watching two master chess players, only the pawns are our routers and the knights are sneaky bits of code.

With edge devices becoming the new darlings of cyber attackers, because they rarely support EDR agents and sit right on the perimeter, Fortinet's warning is a sobering reminder to button up those digital hatches. Because in the cyber world, when someone knocks on your door, you might want to look through the peephole before shouting, "Come in!"

Tags: Chinese cyber attacks, Critical Infrastructure Protection, CVE-2024-21762, Fortinet appliances, FortiOS, network security patch, SSL VPN vulnerability