Security News > 2024 > March > Critical Fortinet flaw may impact 150,000 exposed devices
Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication.
America's Cyber Defense Agency CISA confirmed last month that attackers are actively exploiting the flaw by adding it to its Known Exploited Vulnerabilities catalog.
Almost a month after Fortinet addressed CVE-2024-21762, The Shadowserver Foundation announced on Thursday that it found nearly 150,000 vulnerable devices.
New Fortinet RCE flaw in SSL VPN likely exploited in attacks.
Critical TeamCity flaw now widely exploited to create admin accounts.
Hackers exploit critical RCE flaw in Bricks WordPress site builder.
News URL
Related news
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame (source)
- Fortinet releases patches for undisclosed critical FortiManager vulnerability (source)
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)
- Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-09 | CVE-2024-21762 | Out-of-bounds Write vulnerability in Fortinet Fortios A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests | 9.8 |