Corvus Insights Blog | Smart Cyber Insurance

The Impact of the Fortinet Fortigate Vulnerability | February 2024

Written by Corvus Threat Intel & Risk Advisory | 02.16.24

Fortinet Fortigate Vulnerability Overview

 

Background Information

A critical security flaw (CVE-2024-21762) has been discovered in Fortigate SSL VPNs and is likely being exploited in the wild. The vulnerability allows for an unauthenticated attacker to execute arbitrary code or commands. Security patches have been released and should be applied as soon as possible.

Impact of the Vulnerability

The vulnerability affects the following Fortinet Fortigate versions:

  • FortiOS 7.4 (versions 7.4.0 through 7.4.2) - Upgrade to 7.4.3 or above
  • FortiOS 7.2 (versions 7.2.0 through 7.2.6) - Upgrade to 7.2.7 or above
  • FortiOS 7.0 (versions 7.0.0 through 7.0.13) - Upgrade to 7.0.14 or above
  • FortiOS 6.4 (versions 6.4.0 through 6.4.14) - Upgrade to 6.4.15 or above
  • FortiOS 6.2 (versions 6.2.0 through 6.2.15) - Upgrade to 6.2.16 or above
  • FortiOS 6.0 (versions 6.0 all versions) - Migrate to a fixed release

Attackers can execute arbitrary code or commands against unpatched devices, gaining a foothold into the network. From there the attacker would be able to conduct further exploitation and potentially move around the network. Corvus has observed similar vulnerabilities lead to ransomware incidents. Impacted organizations should apply a security patch immediately.

Next Steps

  • Ensure you are running the latest available fixed version of FortiOS.
  • If you aren’t able to patch right away, the only available workaround is to disable SSL VPN (disabling webmode is NOT a valid workaround).