133k+ Fortinet appliances still vulnerable to CVE-2024-21762 The Register

The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching.
According to security nonprofit Shadowserver's latest data, the number of Fortinet appliances vulnerable to CVE-2024-21762 stands at more than 133,000 - down only slightly from more than 150,000 ten days prior.
Fortinet patched CVE-2024-21762 in early February, well over a month ago.
It's a 9.6 severity vulnerability that leads to remote code execution and appeared front and center during Fortinet's week to forget last month.
The biggest number of exposures is in Asia, with 54,310 appliances still vulnerable to the critical RCE bug, the data shows.
North America and Europe fill the second and third spots with 34,945 and 28,058 respectively, while South America, Africa, and Oceania comprise the remainder.
The number of exposed SSL VPNs illustrates the wide attack surface for the critical vulnerability, one that's already known to be actively exploited.
When it was first disclosed by Fortinet, the vendor said there was evidence of it being used as a zero day.
The US Cybersecurity and Infrastructure Security Agency soon corroborated this by adding it to the Known Exploited Vulnerability catalog, thereby requiring all federal agencies to patch it within a tight deadline.
Proof of concepts are now relatively widely available online, meaning the likelihood of an attacker scanning for vulnerable boxes and popping one open is as high as it has been since the vulnerability was disclosed.
As Pindur notes, CVE-2024-21762 was just one vulnerability that's been giving admins headaches recently.
To make matters worse, the vendor announced another critical-severity bug that led to RCE last week, further adding to the patching workload. CVE-2023-48788 is an SQL Injection flaw in FortiClient Endpoint Management Server that was disclosed on March 12, carrying a 9.3 severity score.
Although there's no mention of it being actively exploited, experts at Tenable said it was likely to happen soon.
Researchers at GreyNoise have begun tracking active exploits of CVE-2023-48788, but at the time of writing the data shows no signs of malicious activity.
CISA also released an advisory a day before Fortinet's disclosure of CVE-2024-21762, warning of Volt Typhoon pre-positioning itself inside US critical infrastructure, using vulnerabilities in networking appliances like Fortinet as a way in.
For the uninitiated, Volt Typhoon is the name used to track a known state-sponsored offensive cyber group aligned with China.


This Cyber News was published on go.theregister.com. Publication date: Mon, 18 Mar 2024 19:13:05 +0000


Cyber News related to 133k+ Fortinet appliances still vulnerable to CVE-2024-21762 The Register

133k+ Fortinet appliances still vulnerable to CVE-2024-21762 The Register - The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching. According to security nonprofit Shadowserver's latest data, ...
9 months ago Go.theregister.com
CISA warns Fortinet zero-day vulnerability under attack - CISA urged users to address two critical Fortinet vulnerabilities in products that are commonly targeted by the Chinese nation-state threat group Volt Typhoon, and one flaw is already being exploited in the wild. Fortinet published two separate ...
10 months ago Techtarget.com
Exploitation activity increasing on Fortinet vulnerability - Exploitation activity appears to be ramping up against a critical Fortinet vulnerability that was disclosed and patched last month. In a security advisory on Feb. 8, Fortinet detailed a zero-day vulnerability in FortiOS, tracked as CVE-2024-21762 or ...
9 months ago Techtarget.com
A look at Fortinet's week to forget The Register - Security researchers have urged users to patch vulnerable VPNs as soon as possible since the vulnerability is understood to be easily exploitable. The only workaround recommended by Fortinet is to disable the SSL VPN. Disabling webmode won't mitigate ...
10 months ago Go.theregister.com
New Fortinet RCE bug is actively exploited, CISA confirms - CISA confirmed today that attackers are actively exploiting a critical remote code execution bug patched by Fortinet on Thursday. The flaw is due to an out-of-bounds write weakness in the FortiOS operating system that can let unauthenticated ...
10 months ago Bleepingcomputer.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
Are Security Appliances fit for Purpose in a Decentralized Workplace? - Security appliances have been traditionally considered one of the most effective forms of perimeter security. Today, security appliances feature amongst the most riskiest enterprise devices and are a preferred method for threat actors to infiltrate a ...
11 months ago Securityweek.com
Fortinet Warns of New FortiOS Zero-Day - Fortinet on Thursday announced patches for a critical remote code execution vulnerability in FortiOS that may have been exploited in the wild. The security hole, tracked as CVE-2024-21762, impacts FortiOS versions 6.0, 6.2, 6.4, 7.0, 7.2 and 7.4. ...
10 months ago Securityweek.com
Fortinet Warns of Yet Another Critical RCE Flaw - Fortinet has patched a critical remote code execution vulnerability in its FortiClient Enterprise Management Server for managing endpoint devices. The flaw, identified as CVE-2024-48788, stems from an SQL injection error in a direct-attached storage ...
9 months ago Darkreading.com
CISA Orders Ivanti VPN Appliances Disconnected: What to Do - The United States Cybersecurity and Infrastructure Security Agency has given Federal Civilian Executive Branch agencies 48 hours to rip out all Ivanti appliances in use on federal networks, over concerns that multiple threat actors are actively ...
10 months ago Darkreading.com
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
Fortinet warns of critical RCE bug in endpoint management software - Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server software that can allow attackers to gain remote code execution on vulnerable servers. FortiClient EMS enables admins to manage endpoints connected to an ...
9 months ago Bleepingcomputer.com
Fortinet Adds Generative AI Tool to Security Operations Portfolio - Fortinet today added a generative artificial intelligence tool to its portfolio to eliminate a range of manual tasks that security operations teams would otherwise need to perform. John Maddison, chief marketing officer for Fortinet, said Fortinet ...
1 year ago Securityboulevard.com
Fortinet unveils networking solution integrated with Wi-Fi 7 - Fortinet announced a comprehensive secure networking solution integrated with Wi-Fi 7. Fortinet's first Wi-Fi 7 access point, FortiAP 441K, delivers increased speed and capacity, and the new FortiSwitch T1024 is purpose-built with 10 Gigabit Ethernet ...
11 months ago Helpnetsecurity.com
New Fortinet RCE flaw in SSL VPN likely exploited in attacks - Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. The flaw received a 9.6 severity rating and is an out-of-bounds write vulnerability in FortiOS that allows ...
10 months ago Bleepingcomputer.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
2 months ago Tenable.com
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
7 months ago Tenable.com
Fortinet enhances its OT security solutions and services - Fortinet announced the latest release of new, integrated operational technology security solutions and services. These additions further distance Fortinet's industry-leading OT Security Platform from the rest of the market. The number of industrial ...
1 year ago Helpnetsecurity.com
Home AI Revolution: From Assistants to Smart Appliances - In a world where technology is advancing faster than ever, home AI has become an integral part of everyday life. Anachronistically speaking, a time-traveler from even just a few decades ago would be amazed at how far we've come in terms of home ...
1 year ago Securityzap.com
Ivanti: Patch new Connect Secure auth bypass bug immediately - Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. The flaw is due to an XXE weakness in the gateways' SAML component that ...
10 months ago Bleepingcomputer.com
CVE-2017-12244 - A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort ...
5 years ago
Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure - Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. Fortinet added the two new vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 to the original ...
10 months ago Bleepingcomputer.com
Ivanti: VPN appliances vulnerable if pushing configs after mitigation - Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. While the company didn't provide additional ...
10 months ago Bleepingcomputer.com
Barracuda fixes new ESG zero-day exploited by Chinese hackers - Network and email security firm Barracuda says it remotely patched all active Email Security Gateway appliances on December 21 against a zero-day bug exploited by UNC4841 Chinese hackers. The company deployed a second wave of security updates a day ...
11 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)