133k+ Fortinet appliances still vulnerable to CVE-2024-21762 The Register

The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching.
According to security nonprofit Shadowserver's latest data, the number of Fortinet appliances vulnerable to CVE-2024-21762 stands at more than 133,000 - down only slightly from more than 150,000 ten days prior.
Fortinet patched CVE-2024-21762 in early February, well over a month ago.
It's a 9.6 severity vulnerability that leads to remote code execution and appeared front and center during Fortinet's week to forget last month.
The biggest number of exposures is in Asia, with 54,310 appliances still vulnerable to the critical RCE bug, the data shows.
North America and Europe fill the second and third spots with 34,945 and 28,058 respectively, while South America, Africa, and Oceania comprise the remainder.
The number of exposed SSL VPNs illustrates the wide attack surface for the critical vulnerability, one that's already known to be actively exploited.
When it was first disclosed by Fortinet, the vendor said there was evidence of it being used as a zero day.
The US Cybersecurity and Infrastructure Security Agency soon corroborated this by adding it to the Known Exploited Vulnerability catalog, thereby requiring all federal agencies to patch it within a tight deadline.
Proof of concepts are now relatively widely available online, meaning the likelihood of an attacker scanning for vulnerable boxes and popping one open is as high as it has been since the vulnerability was disclosed.
As Pindur notes, CVE-2024-21762 was just one vulnerability that's been giving admins headaches recently.
To make matters worse, the vendor announced another critical-severity bug that led to RCE last week, further adding to the patching workload. CVE-2023-48788 is an SQL Injection flaw in FortiClient Endpoint Management Server that was disclosed on March 12, carrying a 9.3 severity score.
Although there's no mention of it being actively exploited, experts at Tenable said it was likely to happen soon.
Researchers at GreyNoise have begun tracking active exploits of CVE-2023-48788, but at the time of writing the data shows no signs of malicious activity.
CISA also released an advisory a day before Fortinet's disclosure of CVE-2024-21762, warning of Volt Typhoon pre-positioning itself inside US critical infrastructure, using vulnerabilities in networking appliances like Fortinet as a way in.
For the uninitiated, Volt Typhoon is the name used to track a known state-sponsored offensive cyber group aligned with China.


This Cyber News was published on go.theregister.com. Publication date: Mon, 18 Mar 2024 19:13:05 +0000


Cyber News related to 133k+ Fortinet appliances still vulnerable to CVE-2024-21762 The Register

133k+ Fortinet appliances still vulnerable to CVE-2024-21762 The Register - The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching. According to security nonprofit Shadowserver's latest data, ...
1 year ago Go.theregister.com CVE-2024-21762 CVE-2023-48788 Volt Typhoon
CISA warns Fortinet zero-day vulnerability under attack - CISA urged users to address two critical Fortinet vulnerabilities in products that are commonly targeted by the Chinese nation-state threat group Volt Typhoon, and one flaw is already being exploited in the wild. Fortinet published two separate ...
1 year ago Techtarget.com CVE-2024-21762 CVE-2024-22024 CVE-2023-27997 CVE-2024-23113 Volt Typhoon
Exploitation activity increasing on Fortinet vulnerability - Exploitation activity appears to be ramping up against a critical Fortinet vulnerability that was disclosed and patched last month. In a security advisory on Feb. 8, Fortinet detailed a zero-day vulnerability in FortiOS, tracked as CVE-2024-21762 or ...
1 year ago Techtarget.com CVE-2024-21762 CVE-2024-27162
A look at Fortinet's week to forget The Register - Security researchers have urged users to patch vulnerable VPNs as soon as possible since the vulnerability is understood to be easily exploitable. The only workaround recommended by Fortinet is to disable the SSL VPN. Disabling webmode won't mitigate ...
1 year ago Go.theregister.com CVE-2024-23113 CVE-2024-23108 CVE-2024-23109 CVE-2023-34992
New Fortinet RCE bug is actively exploited, CISA confirms - CISA confirmed today that attackers are actively exploiting a critical remote code execution bug patched by Fortinet on Thursday. The flaw is due to an out-of-bounds write weakness in the FortiOS operating system that can let unauthenticated ...
1 year ago Bleepingcomputer.com CVE-2023-34992 Volt Typhoon
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
Are Security Appliances fit for Purpose in a Decentralized Workplace? - Security appliances have been traditionally considered one of the most effective forms of perimeter security. Today, security appliances feature amongst the most riskiest enterprise devices and are a preferred method for threat actors to infiltrate a ...
1 year ago Securityweek.com
New SuperBlack ransomware exploits Fortinet auth bypass flaws - A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. When Fortinet first disclosed CVE-2024-55591 on ...
2 months ago Bleepingcomputer.com LockBit CVE-2024-55591
Fortinet Warns of New FortiOS Zero-Day - Fortinet on Thursday announced patches for a critical remote code execution vulnerability in FortiOS that may have been exploited in the wild. The security hole, tracked as CVE-2024-21762, impacts FortiOS versions 6.0, 6.2, 6.4, 7.0, 7.2 and 7.4. ...
1 year ago Securityweek.com CVE-2024-21762 CVE-2022-42475 CVE-2023-27997 CVE-2024-23113 Volt Typhoon
Fortinet Warns of Yet Another Critical RCE Flaw - Fortinet has patched a critical remote code execution vulnerability in its FortiClient Enterprise Management Server for managing endpoint devices. The flaw, identified as CVE-2024-48788, stems from an SQL injection error in a direct-attached storage ...
1 year ago Darkreading.com CVE-2024-48788 CVE-2023-27997 CVE-2022-40684 CVE-2023-34993 CVE-2023-34991 CVE-2023-48782 CVE-2023-42783 Volt Typhoon
CISA Orders Ivanti VPN Appliances Disconnected: What to Do - The United States Cybersecurity and Infrastructure Security Agency has given Federal Civilian Executive Branch agencies 48 hours to rip out all Ivanti appliances in use on federal networks, over concerns that multiple threat actors are actively ...
1 year ago Darkreading.com
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
7 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
7 years ago
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
7 months ago Tenable.com
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
1 year ago Tenable.com
CVE-2023-52911 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
Fortinet warns of critical RCE bug in endpoint management software - Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server software that can allow attackers to gain remote code execution on vulnerable servers. FortiClient EMS enables admins to manage endpoints connected to an ...
1 year ago Bleepingcomputer.com CVE-2023-48788 CVE-2024-21762 Volt Typhoon
Fortinet Adds Generative AI Tool to Security Operations Portfolio - Fortinet today added a generative artificial intelligence tool to its portfolio to eliminate a range of manual tasks that security operations teams would otherwise need to perform. John Maddison, chief marketing officer for Fortinet, said Fortinet ...
1 year ago Securityboulevard.com
Fortinet unveils networking solution integrated with Wi-Fi 7 - Fortinet announced a comprehensive secure networking solution integrated with Wi-Fi 7. Fortinet's first Wi-Fi 7 access point, FortiAP 441K, delivers increased speed and capacity, and the new FortiSwitch T1024 is purpose-built with 10 Gigabit Ethernet ...
1 year ago Helpnetsecurity.com
New Fortinet RCE flaw in SSL VPN likely exploited in attacks - Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. The flaw received a 9.6 severity rating and is an out-of-bounds write vulnerability in FortiOS that allows ...
1 year ago Bleepingcomputer.com CVE-2024-23113 CVE-2023-44487 CVE-2023-47537 CVE-2024-21762 Volt Typhoon
Fortinet: Symlink trick gives access to patched FortiGate VPN devices - Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. The advisory says that when the threat ...
1 month ago Bleepingcomputer.com CVE-2022-42475
Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks - Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. The advisory says that when the threat ...
1 month ago Bleepingcomputer.com CVE-2022-42475
Home AI Revolution: From Assistants to Smart Appliances - In a world where technology is advancing faster than ever, home AI has become an integral part of everyday life. Anachronistically speaking, a time-traveler from even just a few decades ago would be amazed at how far we've come in terms of home ...
1 year ago Securityzap.com Meow
Leaked KeyPlug Malware Infrastructure Contains Exploit Scripts to Hack Fortinet Firewall and VPN - Security experts recommend immediate patching of all Fortinet devices, monitoring for WebSocket handshake requests to suspicious endpoints, and reviewing historical logs for signs of exploitation attempts using these now-exposed techniques. The ...
1 month ago Cybersecuritynews.com CVE-2024-23108 APT41
Fortinet enhances its OT security solutions and services - Fortinet announced the latest release of new, integrated operational technology security solutions and services. These additions further distance Fortinet's industry-leading OT Security Platform from the rest of the market. The number of industrial ...
1 year ago Helpnetsecurity.com Rocke