150,000 devices at risk due to major Fortinet flaw

March 9, 2024


TLDR: Critical Fortinet Flaw May Impact 150,000 Exposed Devices

Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. The flaw is actively being exploited by attackers, with most vulnerable devices located in the United States, India, Brazil, and Canada.

Almost a month after Fortinet addressed CVE-2024-21762, The Shadowserver Foundation announced that nearly 150,000 vulnerable devices were found. Remote attackers are targeting vulnerable versions of FortiOS and FortiProxy, and NIST rates the flaw's severity at 9.8. Companies can check whether their SSL VPN systems are vulnerable using a Python script developed by researchers at Bishop Fox.

FortiOS is Fortinet’s operating system for security devices, providing DoS protection, intrusion prevention, firewall, and VPN services. FortiProxy is a secure web proxy solution that protects against web and DNS-based threats and data loss, and provides antivirus, intrusion prevention, and client browser isolation.

Threat actors actively exploiting CVE-2024-21762 are using more sophisticated tactics and may not be detectable on public platforms. The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed active exploitation of the flaw. Fortinet has released advisories for users to update their systems and mitigate the vulnerability.

This critical flaw highlights the importance of timely software updates and security patches to protect vulnerable devices from potential exploitation by threat actors.

