Exploitation activity increasing on Fortinet vulnerability

Exploitation activity appears to be ramping up against a critical Fortinet vulnerability that was disclosed and patched last month.
In a security advisory on Feb. 8, Fortinet detailed a zero-day vulnerability in FortiOS, tracked as CVE-2024-21762 or what Fortinet tracks internally as FG-IR-24-015.
Fortinet has not confirmed reports of active exploitation.
More than a month later, the vulnerability - which affects FortiOS, Fortinet's SSL VPN software and FortiProxy secure web gateway - is gaining more attention from threat actors.
On Monday, the Shadowserver Foundation, a cybersecurity nonprofit organization, confirmed that it observed an increase in exploitation activity following the release of more detailed vulnerability information that included a proof-of-concept exploit.
Successful exploitation could allow an unauthenticated remote attacker to execute arbitrary commands on a vulnerable device.
SSL VPNs from a variety of vendors, including Fortinet, have proven to be a popular target for nation-state threat actors.
Shadowserver said its internet scans revealed that more than 133,000 vulnerable instances remained as of Sunday and urged users to upgrade to the fixed version.
TechTarget Editorial contacted Shadowserver for additional information on the single IP address.
Assetnote, which offers an attack surface management platform, added that its research team immediately began analyzing CVE-2024-21762 after the public disclosure to ensure the vendor's own customers were notified if they were affected.
While Shadowserver observed an increase in activity after the PoC was published, Fortinet customers had more than a month to apply patches for CVE-2024-27162.
For the Fortinet research, Assetnote said it was only able to obtain versions 7.2.5 and 7.2.7 of the FortiGate network appliance.
One part of the research involved testing two security checks that Fortinet added in the patch release.
Assetnote said that included creating chunk requests that had fewer than 1,024 bytes and a length string of fewer than 17 characters.
Assetnote used information from previous FortiGate exploits to create the PoC for CVE-2024-27162.
Previous exploits created post parameter allocation sizes and calls to the SSL do handshake function.
The blog post also emphasized how often FortiGate contains memory corruption vulnerabilities.
Fortinet disclosed two more critical vulnerabilities that affect FortiOS and FortiProxy just last week.
Fortinet did not respond to a request for comment at press time.
Arielle Waldman is a news writer for TechTarget Editorial covering enterprise security.


This Cyber News was published on www.techtarget.com. Publication date: Mon, 18 Mar 2024 20:43:05 +0000


Cyber News related to Exploitation activity increasing on Fortinet vulnerability

Exploitation activity increasing on Fortinet vulnerability - Exploitation activity appears to be ramping up against a critical Fortinet vulnerability that was disclosed and patched last month. In a security advisory on Feb. 8, Fortinet detailed a zero-day vulnerability in FortiOS, tracked as CVE-2024-21762 or ...
9 months ago Techtarget.com
A look at Fortinet's week to forget The Register - Security researchers have urged users to patch vulnerable VPNs as soon as possible since the vulnerability is understood to be easily exploitable. The only workaround recommended by Fortinet is to disable the SSL VPN. Disabling webmode won't mitigate ...
10 months ago Go.theregister.com
CISA warns Fortinet zero-day vulnerability under attack - CISA urged users to address two critical Fortinet vulnerabilities in products that are commonly targeted by the Chinese nation-state threat group Volt Typhoon, and one flaw is already being exploited in the wild. Fortinet published two separate ...
10 months ago Techtarget.com
Fortinet Warns of Yet Another Critical RCE Flaw - Fortinet has patched a critical remote code execution vulnerability in its FortiClient Enterprise Management Server for managing endpoint devices. The flaw, identified as CVE-2024-48788, stems from an SQL injection error in a direct-attached storage ...
9 months ago Darkreading.com
Fortinet enhances its OT security solutions and services - Fortinet announced the latest release of new, integrated operational technology security solutions and services. These additions further distance Fortinet's industry-leading OT Security Platform from the rest of the market. The number of industrial ...
1 year ago Helpnetsecurity.com
Fortinet Adds Generative AI Tool to Security Operations Portfolio - Fortinet today added a generative artificial intelligence tool to its portfolio to eliminate a range of manual tasks that security operations teams would otherwise need to perform. John Maddison, chief marketing officer for Fortinet, said Fortinet ...
1 year ago Securityboulevard.com
Fortinet unveils networking solution integrated with Wi-Fi 7 - Fortinet announced a comprehensive secure networking solution integrated with Wi-Fi 7. Fortinet's first Wi-Fi 7 access point, FortiAP 441K, delivers increased speed and capacity, and the new FortiSwitch T1024 is purpose-built with 10 Gigabit Ethernet ...
11 months ago Helpnetsecurity.com
133k+ Fortinet appliances still vulnerable to CVE-2024-21762 The Register - The volume of Fortinet boxes exposed to the public internet and vulnerable to a month-old critical security flaw in FortiOS is still extremely high, despite a gradual increase in patching. According to security nonprofit Shadowserver's latest data, ...
9 months ago Go.theregister.com
Chinese Hackers Exploited Fortinet VPN Vulnerability - Analysis of a Zero Day - Cybersecurity threats from Chinese hackers have been on the rise in recent times, and now it has been revealed that they have exploited a Fortinet VPN vulnerability in order to launch a zero day attack. This article will take a look at the Fortinet ...
1 year ago Securityweek.com
Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure - Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. Fortinet added the two new vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 to the original ...
10 months ago Bleepingcomputer.com
Fortinet warns of critical command injection bug in FortiSIEM - Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests. FortiSIEM is a ...
1 year ago Bleepingcomputer.com
New Fortinet RCE bug is actively exploited, CISA confirms - CISA confirmed today that attackers are actively exploiting a critical remote code execution bug patched by Fortinet on Thursday. The flaw is due to an out-of-bounds write weakness in the FortiOS operating system that can let unauthenticated ...
10 months ago Bleepingcomputer.com
Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks - Fortinet warned organizations on Wednesday that APTs linked to China and other countries have been exploiting two known FortiOS vulnerabilities in attacks aimed at various sectors, including critical infrastructure. One of the exploited ...
10 months ago Securityweek.com
Fortinet warns of critical RCE bug in endpoint management software - Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server software that can allow attackers to gain remote code execution on vulnerable servers. FortiClient EMS enables admins to manage endpoints connected to an ...
9 months ago Bleepingcomputer.com
Fortinet Contributes to World Economic Forum's Strategic Cybersecurity Talent Framework - Shining a light on the cybersecurity workforce challenge, the World Economic Forum recently published its Strategic Cybersecurity Talent Framework, which is intended to serve as a reference for public and private decision-makers concerned by the ...
7 months ago Feeds.fortinet.com
Suspected Chinese Hackers Exploit Vulnerability in Fortinet Devices - According to reports, suspected Chinese hackers were able to exploit a vulnerability in Fortinet devices to gain access to vulnerable networks. Fortinet is a multi-layered security platform that is used to protect against a range of cyberthreats, ...
1 year ago Therecord.media
Cybercriminals Are Becoming More Proficient at Exploiting Vulnerabilities - According to Fortinet, cybercriminals have their sights on the increasing number of new vulnerabilities triggered by the expansion of online services and applications, as well as the rapid rise in the number and variety of connected devices. It's ...
7 months ago Cysecurity.news
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
Why the Keitaro TDS keeps causing security headaches - A software company named Keitaro has long been labeled by cybersecurity vendors as a legitimate traffic distribution system vendor, yet the company's product is repeatedly used for malicious activity by cybercriminals. Despite being described as a ...
8 months ago Techtarget.com
Azure Serial Console Attack and Defense - This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders' preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various ...
1 year ago Msrc.microsoft.com
New Fortinet RCE flaw in SSL VPN likely exploited in attacks - Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. The flaw received a 9.6 severity rating and is an out-of-bounds write vulnerability in FortiOS that allows ...
10 months ago Bleepingcomputer.com
Fortinet Warns of New FortiOS Zero-Day - Fortinet on Thursday announced patches for a critical remote code execution vulnerability in FortiOS that may have been exploited in the wild. The security hole, tracked as CVE-2024-21762, impacts FortiOS versions 6.0, 6.2, 6.4, 7.0, 7.2 and 7.4. ...
10 months ago Securityweek.com
Ta444 Turn Credential Harvesting Activity: A Comprehensive Guide - The Ta444 cyber threat group is one of the most active cybercriminals in the world, and one of their notable methods is credential harvesting. Credential harvesting is the process of stealing user’s information, such as usernames, passwords, credit ...
1 year ago Securityaffairs.com
Attacks begin on critical Atlassian Confluence vulnerability - Multiple cybersecurity organizations have observed exploitation attempts against a critical Atlassian Confluence vulnerability that was disclosed and patched last week. In a security advisory published on Jan. 16, Atlassian detailed a remote code ...
10 months ago Techtarget.com
Exploit released for maximum severity Fortinet RCE bug, patch now - Security researchers have released a proof-of-concept exploit for a maximum-severity vulnerability in Fortinet's security information and event management solution, which was patched in February. Tracked as CVE-2024-23108, this security flaw is a ...
6 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)