SSL VPNs are trusted safe connections to personal group networks. A vulnerability like CVE-2024-21762 permits attackers to entry and exploit techniques on these safe channels.
The vulnerability impacts FortiOS variations 7.4 (earlier than 7.4.2), 7.2 (earlier than 7.2.6), 7.0 (earlier than 7.0.13), 6.4 (earlier than 6.4.14), 6.2 (earlier than 6.2.15), 6.0 (all variations). Whereas patches have been rolled out with the successive releases of Fortinet variations 6.2, 6.4, 7.0, 7.2, and seven.4 have reached the tip of assist, model 7.6 is just not affected by the vulnerability.
Customers unable to improve to patched variations are suggested to disable SSL VPN as a workaround.
Fortinet has warned in opposition to another crucial vulnerability (CVSS 9.8), with no recognized exploitations but, tracked below CVE-2024-23113 that additionally permits distant code execution (RCE) by utilizing the “externally-controlled format string vulnerability” within the FortiOS fgfmd daemon, one other safe connection authentication module.
Fortinet warns in opposition to nation-state exploitations
Within the report, Fortinet underlined the techniques, methods, and procedures (TTPs) utilized by China-backed menace actor, Volt Hurricane, to use Fortinet’s recognized bugs to realize preliminary entry to focus on techniques.
The corporate revealed that Chinese language hackers possible exploited Fortinet N-days disclosed in December 2022 (CVE-2022-42475), and June 2023 (CVE-2023-27997) for focusing on crucial infrastructure organizations, because the incident investigation revealed the usage of living-of-the-land (LOTL) binaries per Volt Hurricane’s TTPs.