Our hearts go out to everyone affected by Hurricane Helene. Our team has been working endlessly to make sure these communities in Western North Carolina have the resources they need during this challenging time. If you're looking to help out those in need, there are many ways to do so. We have included those options here: Hurricane Helene
02.09.2024

FortiOS [CVE-2024-21762] [FG-IR-24-015]

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 02/09/2024

Action Level - Critical

Description

MCNC wants to alert you regarding a new critical remote code execution vulnerability in FortiOS SSL VPN. This vulnerability is being tracked as CVE-2024-21762/FG-IR-24-015, and it affects FortiOS, which may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.

This flaw was disclosed along with CVE-2024-23113 (Critical/9.8 rating), CVE-2023-44487 (Medium), and CVE-2023-47537 (Medium).

Affected Versions

Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests

Fixed Versions

Version Affected               Solution

FortiOS 7.6 Not affected             Not Applicable

FortiOS 7.4 7.4.0 through 7.4.2 Upgrade to 7.4.3 or above

FortiOS 7.2 7.2.0 through 7.2.6 Upgrade to 7.2.7 or above

FortiOS 7.0 7.0.0 through 7.0.13 Upgrade to 7.0.14 or above

FortiOS 6.4 6.4.0 through 6.4.14 Upgrade to 6.4.15 or above

FortiOS 6.2 6.2.0 through 6.2.15 Upgrade to 6.2.16 or above

FortiOS 6.0 6.0 all versions Migrate to a fixed release

Attack Vector

FortiOS SSL VPN 

Attack Feasibility 

Fortiguard made a note that this is potentially being exploited in the wild.

Mitigation/Remediation

Update to the recommended solution based on your affected version. If you can not update, then the workaround is to disable SSL VPN (disabling webmode is NOT a valid workaround)

Vendor Resources

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC