150,000 Devices at Risk: Fortinet Bug Exploited

A critical vulnerability in Fortinet’s security systems has impacted approximately 150,000 devices worldwide.

The vulnerability, CVE-2024-21762 (CVSS score: 9.8), is an out-of-bounds write in FortiOS that lets an unauthenticated attacker achieve remote code execution (RCE) through specially crafted requests. The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed active exploitation of the flaw and added it to its Known Exploited Vulnerabilities (KEV) catalog.

One month after Fortinet addressed the bug, the Shadowserver service identified about 150,000 vulnerable devices, with the majority located in the United States, India, Brazil, and Canada (over 24,000). Companies can assess the vulnerability of their SSL VPN systems using a simple Python script developed by researchers at BishopFox.

Details about the groups actively exploiting the vulnerability remain limited, either because public platforms do not track such activity or because the vulnerability is being exploited in targeted attacks by more sophisticated cybercriminals.