CVE-2024-21762

Cyber Security Alert: Fortinet Warns of Critical FortiOS SSL VPN Flaw

fortinet logo

Overview: Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation. Immediate action required.

Threat Name: CVE-2023-20198

Risk Factor: Critical

Date: 9th Feb 2024

Get Help Now

Solace Cyber security specialists can assist with updating your firewall to the latest version.

What We Know

On February 8, 2023, Fortinet issued a notice addressing a potentially exploited vulnerability in the wild. This vulnerability, found in the SSL VPN component, is classified as a pre-authentication vulnerability, with a critical severity rating of 9.6 CVSSv3. The identified flaw could enable a remote attacker to authenticate remotely by employing carefully crafted HTTP requests. Subsequently, the attacker may execute arbitrary code or commands, as reported by Fortinet.

What Has Fortinet Said About The Vulnerability?

Fortinet has emphasised that the only viable solution is to disable the SSL VPN entirely; opting to deactivate webmode is not considered a valid workaround. Urgent action is advised to promptly patch this vulnerability.

The affected versions and recommended solutions for FortiOS are as follows:

  • FortiOS 7.6 is not affected, and no action is required (Not Applicable).
  • FortiOS 7.4 versions ranging from 7.4.0 through 7.4.2, users are advised to upgrade to version 7.4.3 or above.
  • FortiOS 7.2 with versions between 7.2.0 and 7.2.6, it is recommended to upgrade to 7.2.7 or above.
  • FortiOS 7.0 users with versions from 7.0.0 through 7.0.13 should upgrade to 7.0.14 or above.
  • FortiOS 6.4, versions 6.4.0 through 6.4.14, an upgrade to version 6.4.15 or above is recommended.
  • FortiOS 6.2 users with versions ranging from 6.2.0 through 6.2.15 are advised to upgrade to 6.2.16 or above.
  • FortiOS 6.0 in all versions, it is recommended to migrate to a fixed release.

What’s The Impact and Implementation Plan?

The flaw allows an attacker to remotely authenticate using crafted HTTPS requests. According to vuldb.com, technical details are unknown, but an exploit is available.

Swiftly upgrade your firewall to the most recent update. Solace Cyber is available to help you with the process of updating your firewall to the latest version.

Need support?

Solace Cyber security specialists can assist with updating your firewall to the latest version