About a month ago, Fortinet patched a critical FortiOS vulnerability and warned customers about the potential exploit. Many systems are affected, but there are still no signs of large-scale attacks.
The vulnerability, tracked as CVE-2024-21762, is described as an out-of-bounds write issue in FortiOS and FortiProxy that could allow a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests.
When it disclosed the zero-day flaw on February 9, Fortinet said it was “potentially exploitable in nature.” CISA added CVE-2024-21762 to its Catalog of Known Exploited Vulnerabilities a few days later.
There are no details on attacks exploiting CVE-2024-21762, and there is currently no evidence of widespread attacks.
Fortinet vulnerabilities are often exploited by advanced threat actors in highly targeted attacks, but mass exploitation is not uncommon, especially after a patch is released and information becomes public.
In this case, more than a month has passed since the initial announcement and there are still no reports of mass attacks. Threat intelligence company GreyNoise, a technical analysis tracks the security hole CVE-2024-21762 exploitation tries, but his honeypots have yet to see any attacks.
Fortinet doesn’t appear to have confirmed the exploit either – its advice still “potentially exploitable,” he says.
Shadowserver is a non-profit cyber security organization seeing About 150,000 Fortinet product instances may be affected by CVE-2024-21762, but have made no mention of seeing actual attack attempts.
Here is the highest percentage of potentially vulnerable systems seen by Shadowserver United States, followed by India. Thousands of examples have been found in Europe, China, Canada, Mexico and Brazil.
Bishop Fox provides open source tool that organizations can use to determine whether a device is affected by a vulnerability.
Related: Fortinet Warns Customers of Zero-Day Exploitation in Limited Attacks
Related: Fortinet Patches Critical Vulnerabilities in FortiSIEM
Related: Fortinet Patches High Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products