
Emergency Security Bulletin - Fortinet FortiOS Out-of-Bounds Remote Code Execution Vulnerability

2/9/24 12:31 PM  |  by RedLegg's Cyber Threat Intelligence Team

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation.

Executive Summary

On February 8, 2024, Fortinet released a security advisory (FortiGuard Labs PSIRT FG-IR-24-015) alerting customers to a new vulnerability in the FortiOS SSL VPN daemon (sslvpnd). Customers running FortiOS devices with SSL VPN enabled may be affected. CVE-2024-21762 is a critical out-of-bounds write that may allow an unauthenticated remote attacker to achieve remote code execution (RCE) on a FortiOS device by sending specially crafted HTTP requests to the SSL VPN listener. Fortinet states that this vulnerability "...is potentially being exploited in the wild". Out of an abundance of caution, RedLegg is publishing this advisory to notify customers to either mitigate the vulnerability by disabling SSL VPN on affected FortiOS devices or patch to a fixed FortiOS release.


VULNERABILITIES

Fortinet FortiOS Out-of-Bounds Remote Code Execution Vulnerability

Identifier: CVE-2024-21762 – CVSS Score 9.6 (CRITICAL)
Exploit or POC: Yes (Fortinet reports the vulnerability is potentially being exploited in the wild)
Update: FortiGuard Labs PSIRT FG-IR-24-015
Description: CVE-2024-21762 is an out-of-bounds write vulnerability in the FortiOS sslvpnd service. A remote attacker who can reach the SSL VPN listener can trigger it with specially crafted HTTP requests and execute arbitrary code on the device. Authentication is not required.
Mitigation recommendation: Disable SSL VPN on affected devices. Note that this removes SSL VPN service from the device entirely; Fortinet notes that disabling webmode alone is NOT a valid workaround.
If SSL VPN must remain in service, patching is currently the only mitigation. Upgrade to the fixed FortiOS versions listed in FortiGuard Labs PSIRT FG-IR-24-015.
RedLegg Action: None at this time.
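The first practical step after a bulletin like this is to find every FortiGate in the estate still running a build below the fixed release for its branch. The script below is an added example for this bulletin, not Fortinet's or RedLegg's tooling: it parses the `Version:` line of `get system status` output collected from each device (the samples here are constructed, not real captures) and classifies each device against a fixed-version table. The table values are the first fixed builds per branch as published in FG-IR-24-015 at the time of writing; treat them as an assumption and confirm them against the advisory before relying on the output.

```python
"""Triage FortiGate firmware versions against the fixed builds for
CVE-2024-21762 (FG-IR-24-015).

Added example for this bulletin; not Fortinet's or RedLegg's tooling.
Input is the text of `get system status` captured from each device.
The FIXED table reflects FG-IR-24-015 at time of writing; verify it
against the advisory before use.
"""
import re

# First fixed release per FortiOS branch (assumption: taken from
# FG-IR-24-015 at time of writing; re-check against the advisory).
# Branches not listed below 7.6 (e.g. 6.0) have no fixed build and
# must be migrated to a supported, fixed branch.
FIXED = {
    (7, 4): (7, 4, 3),
    (7, 2): (7, 2, 7),
    (7, 0): (7, 0, 14),
    (6, 4): (6, 4, 15),
    (6, 2): (6, 2, 16),
}
# Branches from 7.6 onward are listed by the advisory as not affected.
UNAFFECTED_FROM = (7, 6)

# Matches e.g. "Version: FortiGate-100F v7.2.5,build1517,230727 (GA.M)"
VERSION_RE = re.compile(r"^Version:\s*(\S+)\s+v(\d+)\.(\d+)\.(\d+)", re.M)


def parse_version(status_output):
    """Return (model, (major, minor, patch)) from `get system status`
    text, or None if no Version line is present (e.g. a failed login)."""
    m = VERSION_RE.search(status_output)
    if not m:
        return None
    return m.group(1), tuple(int(x) for x in m.group(2, 3, 4))


def assess(version):
    """Classify a FortiOS (major, minor, patch) tuple for CVE-2024-21762."""
    branch = version[:2]
    if branch >= UNAFFECTED_FROM:
        return "not-affected"
    fixed = FIXED.get(branch)
    if fixed is None:
        return "vulnerable-migrate"  # no fixed build on this branch
    return "patched" if version >= fixed else "vulnerable"


def triage(inventory):
    """inventory: {hostname: status_text}.
    Returns {hostname: (model, version_str, verdict)}."""
    results = {}
    for host, text in inventory.items():
        parsed = parse_version(text)
        if parsed is None:
            results[host] = (None, None, "unknown")
            continue
        model, ver = parsed
        results[host] = (model, ".".join(map(str, ver)), assess(ver))
    return results


# Constructed sample captures (hostnames, models, builds are made up).
SAMPLE = {
    "fw-hq-01": "Version: FortiGate-100F v7.2.5,build1517,230727 (GA.M)\n"
                "Serial-Number: FGT-SAMPLE-0001\n",
    "fw-branch-02": "Version: FortiGate-60F v7.0.14,build0601,240213 (GA.M)\n",
    "fw-lab-03": "Version: FortiGate-VM64 v6.0.15,build0120,230220 (GA)\n",
    "fw-dc-04": "Version: FortiGate-200F v7.4.3,build2573,240201 (GA.M)\n",
    "fw-dead-05": "Connection timed out\n",
}

if __name__ == "__main__":
    for host, (model, ver, verdict) in sorted(triage(SAMPLE).items()):
        print(f"{host:14} {model or '-':16} {ver or '-':8} {verdict}")
```

Anything reported as `vulnerable` or `vulnerable-migrate` should have SSL VPN disabled until it is upgraded; `unknown` means the capture did not contain a version line and the device needs to be checked by hand rather than assumed safe.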
