Security News VULNERABILITIES Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks

CyberPanther

Level 7
Thread author
Verified
Well-known
Oct 1, 2019
303
150,000 systems possibly impacted by the recent Fortinet vulnerability CVE-2024-21762, but there is still no evidence of widespread exploitation.

VULNERABILITIESPossibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks
150,000 systems possibly impacted by the recent Fortinet vulnerability CVE-2024-21762, but there is still no evidence of widespread exploitation.

Fortinet exploited
Roughly one month ago, Fortinet patched a critical FortiOS vulnerability and warned customers about potential exploitation. Many systems are impacted, but there still do not appear to be any signs of large-scale attacks.

The vulnerability, tracked as CVE-2024-21762, has been described as an out-of-bounds write issue in FortiOS and FortiProxy that can allow a remote, unauthenticated attacker to execute arbitrary code or commands through specially crafted HTTP requests.

When it disclosed the zero-day flaw on February 9, Fortinet said it was ‘potentially being exploited in the wild’. CISA added CVE-2024-21762 to its Known Exploited Vulnerabilities Catalog a few days later.

No details seem to be available on attacks exploiting CVE-2024-21762 and there is currently no evidence of widespread attacks.

Fortinet vulnerabilities are often initially exploited in highly targeted attacks by sophisticated threat actors, but mass exploitation is not uncommon, particularly after a patch is released and information becomes public.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top