Hackers target crucial Fortinet equipment with another security vulnerability (CVE)
Critical Remote Code Execution Vulnerability in Fortinet FortiOS Remains Untouched as of February 2023
A critical remote code execution vulnerability, CVE-2023-25610, in Fortinet's FortiOS operating system was disclosed in February 2023. Despite the potential severity of this flaw, with a CVSS score of 9.8 out of 10, there was no verified exploitation or identified threat actors reported for this vulnerability as of that time.
Fortinet promptly released patches and advisories to mitigate this vulnerability, which could allow a remote unauthenticated attacker to execute arbitrary code or cause denial of service via specially crafted requests. The vulnerability affected multiple FortiOS versions (6.0 through 7.2.3), as well as FortiProxy versions.
As of February 2023, there was no public information or confirmed attribution regarding the identity or motives of threat actors exploiting this vulnerability. Fortinet's security bulletin explicitly stated they were not aware of any exploitation in the wild as of the original disclosure in March 2023.
However, later vulnerabilities affecting Fortinet products showed active exploitation by threat actors. For instance, CVE-2024-21762 and CVE-2025-32756 were exploited, but these are different vulnerabilities disclosed after February 2023.
Federal cyber authorities and intelligence officials have warned about active intrusions and ongoing malicious activity targeting networking infrastructure in critical infrastructure providers in the U.S. In response, the Cybersecurity and Infrastructure Security Agency (CISA) ordered federal civilian executive branch agencies to remediate the vulnerability in FortiOS and FortiProxy devices by Feb. 16.
Rapid7 researchers stated that recent Fortinet SSL VPN vulnerabilities have been exploited by threat actors as zero-days and n-days following public disclosure. They identified the vulnerability as CVE-2024-21762, and made this statement on Monday in a blog post.
Fortinet advises customers to upgrade or migrate to patched versions of FortiOS and the FortiProxy secure web gateway to protect against potential exploitation of this vulnerability. It is essential for users to stay vigilant and keep their systems updated to minimize risks from such threats.
***
References:
[1] Fortinet Security Advisory: https://www.fortinet.com/security/advisories/FG-IR-23-004 [2] CISA Advisory: https://us-cert.cisa.gov/ncas/alerts/aa23-088a [3] CISA Known Exploited Vulnerabilities Catalog: https://us-cert.cisa.gov/ccic/catalog/charts/cve-2024-21762
- Despite the existence of a critical remote code execution vulnerability in Fortinet's FortiOS, as of February 2023, no confirmed exploitation or identified threat actors were reported, according to Fortinet's security bulletin.
- In light of the ongoing malicious activity targeting networking infrastructure and the active exploitation of some Fortinet products, it's crucial for users to upgrade, migrate to patched versions of FortiOS and FortiProxy, and keep their systems updated to safeguard against potential exploitation of vulnerabilities such as CVE-2023-25610.
){kind=link}