Critical bug in Fortinet threatens 150,000 devices

Experts from The Shadowserver Foundation have issued a warning that approximately 150,000 Fortinet FortiOS and FortiProxy devices remain susceptible to the critical vulnerability CVE-2024-21762, which was identified and rectified last month. This flaw allows for unauthenticated code execution.

It’s worth noting that the CVE-2024-21762 vulnerability scored 9.6 on the CVSS scale. This bug in FortiOS is associated with an out-of-bounds write issue, enabling unauthorized attackers to remotely execute arbitrary code by sending specially crafted HTTP requests to vulnerable machines.

Last month, specialists from the Cybersecurity and Infrastructure Security Agency (CISA) in the US added CVE-2024-21762 to their list of known vulnerabilities already being exploited by malicious actors and warned that the issue has been used in hacker attacks.

As reported by analysts from The Shadowserver Foundation, around 150,000 devices vulnerable to this recent bug can still be found online. The majority of these (over 24,000) are located in the USA, with a significant number also detected in India, Brazil, and Canada.

Critical bug in Fortinet threatens 150,000 devices

Researchers remind administrators that they can check if their systems are vulnerable to this issue by using a special Python script developed by cybersecurity company BishopFox.

0 / 5

Your page rank:

Subscribe: YouTube page opens in new windowLinkedin page opens in new windowTelegram page opens in new window

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment