Dive Brief:
- Threat actors are actively exploiting a critical remote code execution vulnerability in Fortinet’s FortiOS operating system, the Cybersecurity and Infrastructure Security Agency said Friday.
- CISA added the out-of-bounds write vulnerability, CVE-2024-21762, to its known exploited vulnerabilities catalog one day after Fortinet issued a patch and workaround for the CVE in a Thursday security advisory. The vulnerability, which unauthenticated attackers can exploit to execute arbitrary code or commands, has a CVSS score of 9.8 out of 10.
- Fortinet advised customers to upgrade or migrate to patched versions of FortiOS and the FortiProxy secure web gateway. Customers using these devices can also disable SSL VPN as a workaround, according to Fortinet.
Dive Insight:
The advisory and the active exploitation of Fortinet appliances come as federal cyber authorities and intelligence officials last week warned about active intrusions and ongoing malicious activity targeting networking infrastructure at critical infrastructure providers in the U.S.
Chinese state-linked actors, including Volt Typhoon and others, are using living-off-the-land techniques to mask their activities and embed themselves in networking equipment. Some established footholds date back to 2019.
CISA and Fortinet declined to answer questions about the level of exploit activity, or the identity and motivations of threat actors targeting the Fortinet CVE. Researchers haven’t attributed the exploits to a specific threat group.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said in its advisory.
Rapid7 researchers said recent Fortinet SSL VPN vulnerabilities have been exploited by threat actors as zero-days and n-days following public disclosure.
“Zero-day vulnerabilities in Fortinet SSL VPNs have a history of being targeted by state-sponsored and other highly motivated threat actors,” Rapid7 said Monday in a blog post.
CISA ordered federal civilian executive branch agencies to remediate the vulnerability in FortiOS and FortiProxy devices by Feb. 16.