CISA warns of Fortinet bug likely being exploited in the wild

The top cybersecurity agency in the U.S. released two advisories on Friday about Fortinet vulnerabilities causing alarm among cybersecurity defenders.

The Cybersecurity and Infrastructure Security Agency (CISA) released multiple warnings about CVE-2024-21762, a vulnerability affecting FortiOS SSL VPN that would allow an attacker to execute arbitrary code or commands. The vulnerability, which Fortinet disclosed on Thursday, was rated critical and carries a severity score of 9.6 out of 10.

CISA’s level of alarm about the bug was apparent by the deadline they gave federal civilian agencies to patch the issue. They typically give agencies three weeks to patch almost all vulnerabilities, but for the second time ever they have ordered officials to install the patch within a week.

Fortinet said it “is potentially being exploited in the wild,” while CISA said it was unsure whether it is being used by ransomware gangs. Fortinet urged customers to upgrade to the latest version.

In another advisory, CISA warned of CVE-2024-23313, a bug that Fortinet does not believe is being actively exploited. CVE-2024-23113 had a higher severity rating at 9.8 out of 10.

Fortinet devices are a popular target for nation-state hackers, particularly those associated with the Chinese government, because of their widespread use among governments.

Last Tuesday, the Dutch Ministry of Defence said Chinese state-sponsored hackers broke into an internal computer network through a vulnerability in FortiGate devices.

This week, CISA and the FBI warned that Chinese hackers that are part of the Volt Typhoon group have been seen exploiting vulnerabilities in networking appliances such as those from Fortinet.

“They often use publicly available exploit code for known vulnerabilities but are also adept at discovering and exploiting zero-day vulnerabilities,” the advisory states.