Urgent Alert: Fortinet RCE Bug Exploited in the Wild – Patch Now to Shield Your Network!

Heads up, admins! Fortinet’s got a bug (CVE-2024-21762) that’s RCE-fancy and CISA’s not chill about it. Patch or ditch SSL VPN, ASAP. And FYI, Fortinet’s CVE denial drama? Total plot twist with a Horizon3 cameo. Stay patched, stay safe! #CybersecurityCliffhanger

Hot Take:

Let’s be honest, if you’re struggling to keep up with the Fortinet saga, you’re not alone. This is like a soap opera for cyber nerds, complete with plot twists, mistaken identities, and now, a ticking time bomb of an RCE bug that’s got everyone from the corner office to the server room sweating bullets. And guess what? If you’re still reading this, you’re officially part of the drama club. Welcome to “As the Network Turns.”

Key Points:

  • Fortinet’s no-good, very bad week: A critical RCE bug in FortiOS is being actively exploited, and admins are scrambling to patch or pull the plug on SSL VPN.
  • Déjà vu disclosure: Fortinet had a case of the “whoopsies,” initially denying the existence of two new CVEs that turned out to be variants of a previously patched flaw.
  • CISA’s rapid response: U.S. federal agencies have a seven-day ultimatum to secure FortiOS devices or face the wrath of the binding operational directive.
  • Exploit extravaganza: Fortinet’s vulnerabilities are a hot ticket for the bad guys, with Chinese hackers using them in cyber espionage and ransomware fiestas.
  • The RAT and the military: A charming little RAT named Coathanger is wreaking havoc, with the Dutch Ministry of Defence as its latest catwalk.
CVE ID: CVE-2024-23109
CVE state: PUBLISHED
CVE assigner short name: fortinet
CVE date updated: 02/05/2024
CVE description: An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.

CVE ID: CVE-2024-21762
CVE state: PUBLISHED
CVE assigner short name: fortinet
CVE date updated: 02/09/2024
CVE description: An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.

CVE ID: CVE-2022-42475
CVE state: PUBLISHED
CVE assigner short name: fortinet
CVE date updated: 01/02/2023
CVE description: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

CVE ID: CVE-2023-27997
CVE state: PUBLISHED
CVE assigner short name: fortinet
CVE date updated: 06/13/2023
CVE description: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

CVE ID: CVE-2022-48618
CVE state: PUBLISHED
CVE assigner short name: apple
CVE date updated: 01/09/2024
CVE description: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.

CVE ID: CVE-2024-23108
CVE state: PUBLISHED
CVE assigner short name: fortinet
CVE date updated: 02/05/2024
CVE description: An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.

CVE ID: CVE-2023-34992
CVE state: PUBLISHED
CVE assigner short name: fortinet
CVE date updated: 10/10/2023
CVE description: An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests.

Need to know more?

The Patchwork Quilt of Cybersecurity

Fortinet's latest patch-a-palooza comes with a warning label: "May contain exploits." The cybersecurity equivalent of a hole in your jeans, this RCE bug is letting all sorts of uninvited guests through the door. Admins are now playing a high-stakes game of whack-a-mole, rushing to patch things up or just ripping out the SSL VPN, yelling "stop touching that!" to anyone who comes near.

When "No" Means "Yes, But Later"

Fortinet's disclosure process could use a GPS because it's been a confusing journey. Initially, the company was in full denial mode, like a kid caught with a hand in the cookie jar. But surprise, those CVEs are real, and they're spectacular…ly dangerous. Thanks to a little nudge from Horizon3's Zach Hanley, Fortinet finally owned up to the pesky variants of the original bug. A cybersecurity "my bad," if you will.

Tick, Tock, Patch the Clock

If you work for a U.S. federal agency, you might want to cancel your weekend plans. CISA's binding operational directive is like your mom telling you to clean your room, but with more severe consequences if you don't. Agencies have just seven days to fortify their FortiOS devices against this cyber siege. No pressure, right?

The Hacker's VIP List

Fortinet's security flaws are like the hot new club everyone wants to get into – if everyone were a cybercriminal, that is. We've seen everything from cyber espionage to ransomware parties, with attackers donning their virtual black hats and going to town on corporate networks. It's the kind of attention you really don't want.

The RAT That Roared

Last but not least, let's talk about Coathanger, the RAT with a taste for military fashion. This little critter has been slipping through Fortinet's defenses and setting up shop in some pretty high-profile networks. The Dutch Ministry of Defence can tell you all about it, though they're probably not in a sharing mood. It's a reminder that in the world of cybersecurity, even the mightiest can get tripped up by something the size of a coat hanger.

Tags: Binding Operational Directive, Chinese Volt Typhoon Group, Fortinet Patch, FortiOS Vulnerabilities, FortiSIEM Security Bugs, Remote Code Execution, SSL VPN Flaws