Active abuse critical vulnerability in FortiOS SSL-VPN

Fortinet has released a security update that fixes a critical vulnerability in FortiOS SSL-VPN. FortiOS is the operating system that underpins Fortinet's security products. The flaw is tracked as CVE-2024-21762 (1) and allows an unauthenticated remote attacker to cause a denial of service or to execute arbitrary code and take over the system.

Central government February 9, 2024

News press release

Fortinet reports that this vulnerability is being actively exploited, so far on a limited scale. No public exploit code is currently available. Because of the severity of the vulnerability, and the expectation that exploit code enabling large-scale abuse will appear in the near future, the NCSC has rated its security advisory High/High (2): there is a high probability that the vulnerability will be exploited, and the resulting damage could be significant.

What's going on?

The vulnerability, rated with a CVSS score of 9.6, resides in the SSL-VPN daemon (sslvpnd) and allows a remote attacker to execute arbitrary code on a vulnerable system via HTTP requests.

If an attacker already has access to the internal infrastructure and can take a man-in-the-middle position, the vulnerability also gives access to the FortiLink connection between the vulnerable system and a FortiSwitch.

What can I do?

The most recent FortiOS release, v7.6, is not affected by this vulnerability. For all other versions of FortiOS (7.4 and below), Fortinet has released updates. The Digital Trust Center recommends installing the available updates (or having them installed) as soon as possible. If the updates cannot be applied immediately, Fortinet indicates that disabling the SSL VPN can be considered as a workaround. More information and the latest FortiOS updates can be found here (3).

Install the update yourself or have your IT service provider install the security update provided by Fortinet. If you are unsure whether you are using a vulnerable product, contact your IT service provider as soon as possible.
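For administrators who manage more than one FortiGate, the guidance above reduces to a triage question per device: is it on a release the advisory calls unaffected, and if not, is SSL VPN currently enabled (exposed, so update now or apply the workaround) or disabled (update still required, but not exposed through this path)? The following script is an added example, not code from Fortinet, the NCSC or the Digital Trust Center. It parses the version string from a `get system status`-style line, which is assumed to contain a `vX.Y.Z` token, and applies the page's version threshold; the inventory entries are constructed for illustration, and the exact fixed builds must be taken from the vendor advisory (3).

```python
"""Triage a constructed FortiGate inventory against the advisory's guidance.

Added example, not code from Fortinet, the NCSC or the Digital Trust Center.
Assumptions: a version line contains a "vX.Y.Z" token (as in FortiOS
`get system status` output), and FortiOS 7.6 or newer is not affected while
everything older needs the vendor update. Hostnames and builds are constructed.
"""
import re
from dataclasses import dataclass

# Matches the "vX.Y.Z" token in a line such as
# "Version: FortiGate-100F v7.2.5,build1517,230606 (GA.F)".
VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> tuple[int, int, int]:
    """Extract (major, minor, patch) from a FortiOS version line; raise if absent."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no FortiOS version found in: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


@dataclass
class Device:
    hostname: str
    version_line: str
    ssl_vpn_enabled: bool


def triage(dev: Device) -> str:
    """Classify one device according to the advisory's guidance.

    - 7.6 or newer: reported as not affected.
    - Older release with SSL VPN enabled: exposed, update now or disable SSL VPN.
    - Older release with SSL VPN disabled: update still required, not exposed via SSL VPN.
    """
    major, minor, _ = parse_version(dev.version_line)
    if (major, minor) >= (7, 6):
        return "not-affected"
    if dev.ssl_vpn_enabled:
        return "exposed: install vendor update now or disable SSL VPN"
    return "update required (SSL VPN currently disabled)"


# Constructed sample inventory; these are not real hosts or real builds.
INVENTORY = [
    Device("fw-edge-1", "Version: FortiGate-100F v7.2.5,build1517,230606 (GA.F)", True),
    Device("fw-lab-2", "Version: FortiGate-VM64 v7.0.13,build0566,230830 (GA.F)", False),
    Device("fw-new-3", "Version: FortiGate-60F v7.6.0,build3401,240101 (GA.F)", True),
]


def triage_inventory(devices=INVENTORY) -> dict[str, str]:
    """Return a hostname -> verdict map for the whole inventory."""
    return {d.hostname: triage(d) for d in devices}


if __name__ == "__main__":
    for host, verdict in triage_inventory().items():
        print(f"{host:12} {verdict}")
```

The script deliberately fails loudly on a line without a version token rather than guessing, so an unparsable device shows up as an error to investigate instead of silently being marked safe.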

(1) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21762

(2) https://www.ncsc.nl/actueel/advisory?id=NCSC-2024-0058

(3) https://www.fortiguard.com/psirt/FG-IR-24-015
