CISA urged users to address two critical Fortinet vulnerabilities in products that are commonly targeted by the Chinese nation-state threat group Volt Typhoon, and one flaw is already being exploited in the wild.
Fortinet published two separate advisories Thursday to disclose critical vulnerabilities.
The first is an out-of-bounds zero-day vulnerability, CVE-2024-21762, which Fortinet tracks internally as FG-IR-24-015.
Both vulnerabilities affect FortiOS and could allow an unauthenticated attacker to execute remote code or commands on an affected device.
CISA simultaneously published an advisory urging users and administrators to apply mitigations for both Fortinet vulnerabilities.
The CISA and Fortinet advisories came just days after U.S. government agencies warned that Volt Typhoon had compromised U.S. critical infrastructure organizations and maintained access in some victims' IT environments for at least five years.
Those commonly targeted products include Fortinet's SSL VPN and internet-facing network devices.
Another frequently targeted vendor was Ivanti, which disclosed yet another flaw, tracked as CVE-2024-22024, in its Ivanti Connect Secure product on Thursday.
In January, Volexity confirmed that a Chinese nation-state threat actor it tracks as UTA0178 was actively exploiting two Ivanti zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure against 1,700 devices worldwide.
CVE-2024-21762 affects Fortinet's FortiProxy secure web gateway and FortiOS software in the vendor's SSL VPN, which has proved to be a popular target.
In June, Fortinet issued an advisory for another SSL VPN vulnerability, tracked as CVE-2023-27997, and warned critical infrastructure organizations that Volt Typhoon was likely to attack.
The latest Fortinet flaw affects several FortiOS versions between 6.0 and 7.4.2, and users must upgrade to the fixed versions, 7.4.3 or higher.
CVE-2024-23113 affects FortiOS' FortiGate to FortiManager daemon protocol, which is used to help secure network devices.
The advisory provided a workaround, but warned that it should be used as a mitigation and not a complete workaround due to potential risks.
While Fortinet credited the discovery of CVE-2024-23113 to Gwendal Guégniaud of its product security team, there was no public acknowledgement for CVE-2024-21762.
In a blog post Monday, Wiz threat researcher Merav Bar emphasized that there have been reports of CVE-2024-21762 being exploited in the wild.
TechTarget Editorial contacted Fortinet for additional comment regarding exploitation of CVE-2024-21762.
Fortinet distributed a PSIRT advisory that detailed mitigation guidance and recommended next steps regarding CVE-2024-21762.
Fortinet diligently balances our commitment to the security of our customers and our culture of researcher collaboration and transparency.
Timely and ongoing communications with customers are a key component in our efforts to help protect and secure their organization, and we proactively communicated to customers via Fortinet's PSIRT Advisory process, advising them to follow the guidance provided.
This Cyber News was published on www.techtarget.com. Publication date: Mon, 12 Feb 2024 22:13:04 +0000