Fortinet Fortigate Vulnerability Overview
Background Information
A critical security flaw (CVE-2024-21762) has been discovered in Fortigate SSL VPNs and is likely being exploited in the wild. The vulnerability allows for an unauthenticated attacker to execute arbitrary code or commands. Security patches have been released and should be applied as soon as possible.
Impact of the Vulnerability
The vulnerability affects the following Fortinet Fortigate versions:
-
FortiOS 7.4 (versions 7.4.0 through 7.4.2) - Upgrade to 7.4.3 or above
-
FortiOS 7.2 (versions 7.2.0 through 7.2.6) - Upgrade to 7.2.7 or above
-
FortiOS 7.0 (versions 7.0.0 through 7.0.13) - Upgrade to 7.0.14 or above
-
FortiOS 6.4 (versions 6.4.0 through 6.4.14) - Upgrade to 6.4.15 or above
-
FortiOS 6.2 (versions 6.2.0 through 6.2.15) - Upgrade to 6.2.16 or above
-
FortiOS 6.0 (versions 6.0 all versions) - Migrate to a fixed release
Attackers can execute arbitrary code or commands against unpatched devices, gaining a foothold into the network. From there the attacker would be able to conduct further exploitation and potentially move around the network. Corvus has observed similar vulnerabilities lead to ransomware incidents. Impacted organizations should apply a security patch immediately.
Next Steps
-
-
If you aren’t able to patch right away, the only available workaround is to disable SSL VPN (disabling webmode is NOT a valid workaround).