Context
Fortinet has disclosed a critical security flaw, CVE-2024-21762, in its FortiOS Secure Sockets Layer (SSL) VPN, with a CVSS score of 9.6, indicating a high severity flaw. The vulnerability allows remote unauthenticated attackers to execute arbitrary code or commands through specially crafted HTTP requests.
Fortinet acknowledges that the flaw is likely being exploited in the wild, although specific details about the exploitation remain undisclosed. Versions impacted include FortiOS 7.4, 7.2, 7.0, 6.4, 6.2, and 6.0, with recommended upgrades to patched versions.
Community Threat Assessment
Due to the available public reporting of CVE-2024-21762 and noted weaponization of the vulnerability, the RH-ISAC Intelligence Team assesses with moderate confidence that CVE-2024-21762 presents a medium threat for organizations in the retail and hospitality sector that currently utilize FortiOS-dependent products within their environment. RH-ISAC recommends RH-ISAC Core Members who utilize Fortinet review the intelligence included in this report and update device where applicable using the provided intelligence below.
Impacted Fortinet Versions and Recommended Mitigations
The following FortiOS versions are impacted by CVE-2024-21762, it is worth noting that FortiOS 7.6 is not currently affected by CVE-2024-21762.
- FortiOS 7.4 (versions 7.4.0 through 7.4.2) – Upgrade to 7.4.3 or above
- FortiOS 7.2 (versions 7.2.0 through 7.2.6) – Upgrade to 7.2.7 or above
- FortiOS 7.0 (versions 7.0.0 through 7.0.13) – Upgrade to 7.0.14 or above
- FortiOS 6.4 (versions 6.4.0 through 6.4.14) – Upgrade to 6.4.15 or above
- FortiOS 6.2 (versions 6.2.0 through 6.2.15) – Upgrade to 6.2.16 or above
- FortiOS 6.0 (versions 6.0 all versions) – Migrate to a fixed release
