SSL VPNs are trusted secure connections to private organization networks. A vulnerability like CVE-2024-21762 allows attackers to access and exploit systems through these secure channels.
The vulnerability affects FortiOS versions 7.4 (before 7.4.2), 7.2 (before 7.2.6), 7.0 (before 7.0.13), 6.4 (before 6.4.14), 6.2 (before 6.2.15), 6.0 (all versions). While patches have been rolled out with the successive releases of Fortinet versions 6.2, 6.4, 7.0, 7.2, and 7.4 have reached the end of support, version 7.6 isn’t affected by the vulnerability.
Customers unable to upgrade to patched versions are advised to disable SSL VPN as a workaround.
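The affected ranges and the workaround above, written as an inventory triage check. This is an added example, not code from Fortinet or from the original article; the hostnames, the `(host, version, sslvpn_enabled)` tuple layout and the version strings are constructed for illustration.

```python
import re

# First fixed release per affected branch, as listed in the article.
# None means the article lists every release on that branch as affected.
FIRST_FIXED = {
    (7, 4): (7, 4, 2),
    (7, 2): (7, 2, 6),
    (7, 0): (7, 0, 13),
    (6, 4): (6, 4, 14),
    (6, 2): (6, 2, 15),
    (6, 0): None,
}
NOT_AFFECTED = {(7, 6)}  # the article states 7.6 is not affected
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")

def classify(version_text):
    """Return 'affected', 'fixed', 'not-affected', 'not-listed' or 'unparsed'."""
    m = VERSION_RE.search(version_text)
    if not m:
        return "unparsed"
    # Compare as integer tuples: as strings, "7.0.9" would sort after "7.0.13".
    ver = tuple(int(part) for part in m.groups())
    branch = ver[:2]
    if branch in NOT_AFFECTED:
        return "not-affected"
    if branch not in FIRST_FIXED:
        return "not-listed"
    fixed = FIRST_FIXED[branch]
    return "affected" if fixed is None or ver < fixed else "fixed"

def triage(inventory):
    """inventory: iterable of (host, version_text, sslvpn_enabled) tuples."""
    report = {}
    for host, version_text, sslvpn_enabled in inventory:
        status = classify(version_text)
        if status == "affected":
            action = ("upgrade, or disable SSL VPN until upgraded"
                      if sslvpn_enabled else "upgrade; SSL VPN already disabled")
        elif status in ("fixed", "not-affected"):
            action = "none"
        else:
            action = "review manually"
        report[host] = (status, action)
    return report

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [("fw-edge-01", "v7.0.9", True), ("fw-edge-02", "v7.2.6", True),
          ("fw-lab-01", "v6.0.18", False), ("fw-new-01", "v7.6.0", True)]

if __name__ == "__main__":
    for host, (status, action) in triage(SAMPLE).items():
        print(f"{host}: {status} -> {action}")
```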
Fortinet has warned of yet another critical vulnerability (CVSS 9.8), with no known exploitation yet, tracked as CVE-2024-23113, that also allows remote code execution (RCE) by using the “externally-controlled format string vulnerability” in the FortiOS fgfmd daemon, another secure connection authentication module.
Fortinet warns of nation-state exploitation
In the report, Fortinet underlined the tactics, techniques, and procedures (TTPs) used by China-backed threat actor Volt Typhoon to exploit Fortinet’s known bugs to gain initial access to target systems.
The company revealed that Chinese hackers likely exploited Fortinet N-days disclosed in December 2022 (CVE-2022-42475) and June 2023 (CVE-2023-27997) to target critical infrastructure organizations, as the incident investigation revealed the use of living-off-the-land (LOTL) binaries consistent with Volt Typhoon’s TTPs.