Vulnerability in 150K+ Fortinet Devices Let Hackers Execute Arbitary Code Remotely
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A critical security flaw identified as CVE-2024-21762 has been discovered in Fortinet’s FortiOS and FortiProxy secure web gateway systems, potentially impacting around 150,000 devices worldwide.
The vulnerability allows for unauthenticated remote code execution (RCE) by sending specially crafted HTTP requests to the affected machines.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that attackers actively exploit the flaw, adding it to its Known Exploited Vulnerabilities (KEV) catalog.
Federal Civilian Executive Branch (FCEB) agencies must apply the fixes by February 16, 2024, to secure their networks against potential threats.
CVE-2024-21762 – Devices Affected
The vulnerability affects a wide range of Fortinet’s security appliances, including versions of FortiOS, FortiProxy, FortiSwitchManager, and FortiAnalyzer.
These devices are commonly used by organizations to manage network security, making the flaw particularly concerning because it could grant sensitive information access.
📁🄳🄾🄲🅄🄼🄴🄽🅃
According to the FortiGuard Labs’ security advisory, the vulnerability is the result of an improper limitation of a pathname to a restricted directory, which could be exploited by an unauthenticated attacker via the internet.
This could lead to arbitrary code execution on the underlying operating system of affected devices.
Exploitation of this vulnerability has been reported in the wild, with attackers actively seeking to compromise devices that have not yet been patched.
The flaw’s severity has been underscored by its high CVSS score, which reflects the ease of exploitation and the potential impact on affected systems.
As per the Shadowserver report, more than 150,000 devices have been identified as vulnerable.
We have added improvements to our Fortinet FortiOS/FortiProxy scans for CVE-2024-21762 vulnerable instances – nearly 150K (!) found on 2024-02-06: https://t.co/uxH0R7OD4N
Advisory info: https://t.co/KIdrmN73EK
Note: this vulnerability is known to be exploited in the wild pic.twitter.com/CfZj0DcSPh
— Shadowserver (@Shadowserver) March 7, 2024
Fortinet has released patches for the affected versions and is urging customers to update their devices immediately to mitigate the risk. The affected versions and the corresponding patches can be found on Fortinet’s official advisory page.
For users and administrators who are unsure if their devices are vulnerable, a check script has been made available on GitHub by BishopFox. The script, named CVE-2024-21762-check, can be used to determine if a Fortinet device is susceptible to the flaw, facilitating a more efficient response to the threat.
In the meantime, Fortinet has also provided a workaround for those unable to apply the patches immediately. The workaround involves disabling the HTTP/HTTPS administrative interface or limiting IP access to trusted hosts. However, this is only temporary, and users are strongly advised to apply the official patches as soon as possible.
With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
#Cyber_Security #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Vulnerability in 150K+ Fortinet Devices Let Hackers Execute Arbitary Code Remotely
Author: Guru BaranA critical security flaw identified as CVE-2024-21762 has been discovered in Fortinet’s FortiOS and FortiProxy secure web gateway systems, potentially impacting around 150,000 devices worldwide.
The vulnerability allows for unauthenticated remote code execution (RCE) by sending specially crafted HTTP requests to the affected machines.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that attackers actively exploit the flaw, adding it to its Known Exploited Vulnerabilities (KEV) catalog.
Federal Civilian Executive Branch (FCEB) agencies must apply the fixes by February 16, 2024, to secure their networks against potential threats.
CVE-2024-21762 – Devices Affected
The vulnerability affects a wide range of Fortinet’s security appliances, including versions of FortiOS, FortiProxy, FortiSwitchManager, and FortiAnalyzer.
These devices are commonly used by organizations to manage network security, making the flaw particularly concerning because it could grant sensitive information access.
📁🄳🄾🄲🅄🄼🄴🄽🅃
According to the FortiGuard Labs’ security advisory, the vulnerability is the result of an improper limitation of a pathname to a restricted directory, which could be exploited by an unauthenticated attacker via the internet.
This could lead to arbitrary code execution on the underlying operating system of affected devices.
Exploitation of this vulnerability has been reported in the wild, with attackers actively seeking to compromise devices that have not yet been patched.
The flaw’s severity has been underscored by its high CVSS score, which reflects the ease of exploitation and the potential impact on affected systems.
As per the Shadowserver report, more than 150,000 devices have been identified as vulnerable.
We have added improvements to our Fortinet FortiOS/FortiProxy scans for CVE-2024-21762 vulnerable instances – nearly 150K (!) found on 2024-02-06: https://t.co/uxH0R7OD4N
Advisory info: https://t.co/KIdrmN73EK
Note: this vulnerability is known to be exploited in the wild pic.twitter.com/CfZj0DcSPh
— Shadowserver (@Shadowserver) March 7, 2024
Fortinet has released patches for the affected versions and is urging customers to update their devices immediately to mitigate the risk. The affected versions and the corresponding patches can be found on Fortinet’s official advisory page.
For users and administrators who are unsure if their devices are vulnerable, a check script has been made available on GitHub by BishopFox. The script, named CVE-2024-21762-check, can be used to determine if a Fortinet device is susceptible to the flaw, facilitating a more efficient response to the threat.
In the meantime, Fortinet has also provided a workaround for those unable to apply the patches immediately. The workaround involves disabling the HTTP/HTTPS administrative interface or limiting IP access to trusted hosts. However, this is only temporary, and users are strongly advised to apply the official patches as soon as possible.
With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
#Cyber_Security #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
