CISA spots Fortinet FortiOS bug, hackers exploiting. Stay alert, folks

February 11, 2024

TLDR:

  • The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a “critical” vulnerability in Fortinet’s FortiOS is being actively exploited in attacks.
  • The vulnerability, tracked as CVE-2024-21762, is a remote code execution flaw that has received a severity score of 9.6 out of 10.0.
  • Fortinet has released patches for the vulnerability, which affects multiple versions of FortiOS.
  • CISA’s disclosure of the exploitation follows the revelation that China-linked threat group Volt Typhoon has been exploiting network appliances from various vendors, including Fortinet.

The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a “critical” vulnerability affecting multiple versions of Fortinet’s FortiOS is being actively exploited in attacks. The vulnerability, a remote code execution flaw tracked as CVE-2024-21762, has received a severity score of 9.6 out of 10.0. Fortinet had previously issued an advisory stating that the vulnerability was potentially being exploited in the wild; however, that advisory has not been updated to reflect CISA’s confirmation.

CISA warned that a cyber threat actor could exploit the vulnerability to take control of an affected system. The agency also mentioned a second remote code execution flaw in FortiOS, tracked as CVE-2024-23313. Fortinet did not specifically comment on the exploitation of the vulnerability but emphasized its commitment to customer security and its collaboration with researchers.

Fortinet released patches for the critical remote code execution vulnerability on Thursday. The vulnerability affects multiple versions of FortiOS, including 7.4, 7.2, 7.0, 6.4, 6.2, and 6.0. Mayuresh Dani, manager for security research at cybersecurity firm Qualys, noted that the exploit code’s maturity is ranked as “high” and suggested that a proof-of-concept disclosure may be imminent given the seriousness of the vulnerability.

The exploitation of this critical FortiOS vulnerability follows the disclosure by CISA and other federal agencies that the China-linked threat group Volt Typhoon has been exploiting network appliances from several vendors, including Fortinet. Volt Typhoon likely gained initial access to networks by exploiting a different, unpatched vulnerability in a Fortinet firewall. In response to the agencies’ advisory, Fortinet emphasized the importance of organizations having a robust patch management program and following best practices for a secure infrastructure. Other vendors frequently targeted by Volt Typhoon include Ivanti, Cisco, Netgear, and Citrix.

In conclusion, CISA’s confirmation of active exploitation of a critical FortiOS vulnerability highlights the need for organizations to stay vigilant with patch management and follow best practices in order to maintain a secure infrastructure. The involvement of the China-linked threat group Volt Typhoon underscores the ongoing threat posed by sophisticated threat actors.
