86k Fortinet devices still vulnerable to active exploits

More than 86,000 Fortinet instances remain vulnerable to the critical flaw that attackers started exploiting last week, according to Shadowserver's data.

The most recent count, taken on Sunday, put the number of IPs vulnerable to the bug at 86,602 – a slight decrease from 87,930 the day before.

The internet security biz's data showed the majority of those appliances are located in Asia (38,778), followed, though not closely, by North America (21,262) and Europe (16,381).

CVE-2024-23113 was first disclosed in February, but the bad guys had been too busy experimenting with other critical bugs that were fixed around the same time.

For reasons unknown, the vulnerability has only recently caught the attention of attackers. The US's Cybersecurity and Infrastructure Security Agency (CISA) broke the news it was being actively exploited last week by adding it to the Known Exploited Vulnerabilities (KEV) catalog.

Security flaws are only added to the KEV catalog when the agency knows that a vulnerability is both being actively exploited and poses a serious threat to the security of federal civilian executive branch (FCEB) agencies.

These agencies received the usual 21-day window in which to address the vulnerability. That means they either have to upgrade to a safe version, or disconnect the affected appliance until a fix can be applied.

The status of whether the vulnerability is being used in ransomware attacks remains "unknown," as it was last week.

Carrying a CVSS v3 severity rating of 9.8, the remote code execution vulnerability is about as serious as they come. The assessment of CVE-2024-23113 concluded any successful exploit would have a high impact on data confidentiality, system integrity, and service availability, and would require no privileges or user interaction to pull off.

The flaw affects various versions of FortiOS, FortiPAM, FortiProxy, and FortiWeb. Admins are advised to upgrade to unaffected releases or implement the mitigations outlined in Fortinet's advisory.

The mitigation involves removing the fgfm daemon access for every vulnerable interface, although this will prevent FortiManager from discovering FortiGate devices. ®
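As an added example (not from the article or from Fortinet), the following Python code audits a FortiOS configuration backup for interfaces whose management-access list still includes fgfm and builds the CLI lines that drop it while keeping the other access methods. It assumes the usual `config system interface` / `set allowaccess` backup layout; the sample configuration and the function names are constructed for illustration, so check the generated commands against Fortinet's advisory before applying them.

```python
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set allowaccess ping https fgfm
        config ipv6
            set ip6-address 2001:db8::1/64
        end
    next
    edit "internal"
        set allowaccess ping https ssh
    next
    edit "dmz"
        set allowaccess fgfm
    next
end
"""  # constructed sample, not taken from the article

def interfaces_with_fgfm(config_text):
    """Map interface name -> allowaccess list for interfaces that permit fgfm."""
    flagged, depth, section_depth, current = {}, 0, None, None
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "config":
            depth += 1
            if tokens[1:] == ["system", "interface"]:
                section_depth = depth      # also works nested under "config global"
        elif tokens[0] == "end":
            if depth == section_depth:
                section_depth = None       # left the interface table
            depth -= 1
        elif depth == section_depth:       # directly inside an interface entry
            if tokens[0] == "edit":
                current = " ".join(tokens[1:]).strip('"')
            elif tokens[0] == "next":
                current = None
            elif current and tokens[:2] == ["set", "allowaccess"] and "fgfm" in tokens[2:]:
                flagged[current] = tokens[2:]
    return flagged

def remediation(flagged):
    """Build CLI lines that keep every other access method and drop fgfm."""
    lines = ["config system interface"]
    for name, access in flagged.items():
        kept = [a for a in access if a != "fgfm"]
        setting = "set allowaccess " + " ".join(kept) if kept else "unset allowaccess"
        lines += [f'    edit "{name}"', f"        {setting}", "    next"]
    return lines + ["end"]
```

As the article notes, an interface changed this way can no longer be discovered by FortiManager, so the output doubles as a list of devices that need an upgrade plan rather than a permanent workaround.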

Source: theregister.com
