Fortinet SSL VPN pre-auth RCE, exploitation in wild. Patch now. CVE-2024-21762
https://fortiguard.fortinet.com/psirt/FG-IR-24-015
I understand this is very easy to exploit, and applies to unsupported versions too.
If I have to name this one it’s gonna have a toothbrush pun in it, FYI. #threatintel
@GossiTheDog also this is great (from the 7.4.3 release notes)
@GossiTheDog fortunately the only forti box we manage has ssl vpn off because it’s sitting on 7.4.2 and telling me there’s nothing newer.
A @shodan search for FortiOS boxes:
product:"Fortinet FortiGate"
Add org:YourOrg or ssl:YourOrg to find yours.
Obviously validate it's got VPN enabled by visiting the page.
There's a LOT of them - 6 figures, one of the biggest SMB appliances.
@GossiTheDog FYI seems FortiGate still isn't (as of a couple of hours ago) offering 7.4.3 to people going into their Fortinet device and checking for updates as they usually might, and so people might think they are up to date when they are not... you have to pull the image from Fortinet's site and upload it manually to upgrade atm :\