Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Thousands of Fortinet devices could face attack following security issue

Cyberattack.

Hackers have a pool of almost 150,000 vulnerable Fortinet FortiOS and FortiProxy instances which they can use to execute malicious code without authentication, experts have warned.

A month ago, Fortinet released a patch for a critical vulnerability tracked as CVE-2024-21762 (severity score 9.8), but it seems many admins aren’t diligently installing the fixes. To make matters worse, this flaw was already added to Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV), meaning hackers are actively taking advantage of it. 

However, the details about hackers abusing the flaw are scarce. That could either mean that public platforms aren’t showing this activity, or the flaw is being used by highly sophisticated threat actors.

Patching the flaws

Now, BleepingComputer has spoken to Shadowserver’s Piotr Kijevski, who said that the organization scans the internet for vulnerable versions, but since workarounds and mitigations are also available, it could be that the number of vulnerable endpoints is somewhat lower. The majority of the potential targets, the organization further said, was in the United States (24,000), followed by India, Brazil, and Canada.

As per the National Vulnerability Database, this critical vulnerability is an out-of-bounds write flaw, plaguing multiple versions of FortiOS, and FortiProxy. Theoretically, an attacker could execute unauthorized code on vulnerable devices, using specifically crafted requests. 

Fortinet’s products are popular among small and medium-sized businesses (SMB), which makes them a prime target for cybercriminals. As a result, the company often releases security patches and urges customers to apply them without hesitation. 

In early July 2023, it was said that “hundreds of thousands” of FortiGate firewalls were vulnerable to CVE-2023-27997, a heap-based buffer overflow vulnerability with a 9.8 severity score. 

This flaw affected FortiOS and FortiProxy devices with SSL-VPN enabled. In March the same year, unknown hackers targeted certain US government networks with a zero-day vulnerability found in a Fortinet product. It was later reported that the attackers abused CVE-2022-41328 - an improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in FortiOS, which could have allowed a privileged attacker “to read and write arbitrary files via crafted CLI commands."

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.