A recent vulnerability in FortiOS and FortiProxy that allows unwarranted access and remote code execution (RCE) has been patched by Fortinet. RCE enables attackers to bypass security features on your devices (firewall in this case). This directly leads to your corporate network becoming compromised, and lets attackers perform lateral movement in the network and perform malicious act that can further cripple an organization (e.g. ransomware attack). Worst case scenario: attackers can gain administrative access into your firewall console.

Many of Fortinet’s products such as its firewall, VPN, and anti-virus solutions rely on FortiOS as its base operating system. These products are all categorised under the Fortinet Security Fabric umbrella. FortiProxy is Fortinet’s answer to providing a SWG (secure web gateway), which shields users from online threats and enforces acceptable use policies. They act as data checkpoints to safeguard internet access, and control data going in or out of an organization.

The FortiOS and FortiProxy vulnerability tracked as CVE-2024-21762 has a CVSS (Common Vulnerability Scoring System) score of 9.6, which is a qualitative measure of severity.

Fortinet’s patch came one day after its previous disclosure that attackers were exploiting Fortinet vulnerabilities CVE-2022-42475 and CV3-2023-27997. Patches for both vulnerabilities have been released in January and June 2023 respectively.

Adventus Managed Firewall Services

Adventus recommends that organizations reliant on Fortinet or have devices that rely on FortiOS and FortiProxy update their systems and be aware of this new vulnerability.

We know that manually patching and updating is a tedious and cumbersome task, especially when it comes to Firewall maintenance. Firewalls are the safety net for any business or organization, but their immediate visibility tends to be overlooked as they work in the background. No news from any firewall is good news: which means that threats and malicious actors are prevented from accessing your network.

The latter vulnerability is being taken extremely seriously. After its disclosure on 31 January, Ivanti next reported that a significant number of customers have been impacted by the exploits of CVE-2024-21893. Furthermore, the exploitation volume as shown in the chart below by Shadowserver, a threat monitoring service, far surpasses other recently addressed or fixed Ivanti flaws. This points to a change in the focus of malicious actors.

However, over time, firewalls do need to be updated and maintained. Adventus provides world-class Managed Firewall Services that will protect your business and users without fail. We offer a hassle-free experience to let us manage and update your firewall.

We provide a comprehensive suite of services, ranging from consultation, design and deployment of a product combination that best suits the threat landscape of your organization, and will track its performance along with providing monthly reports to keep you updated. This will free up your time and resources in maintaining your firewalls, so your IT Team can focus on other critical tasks. If this sounds like something your business needs, contact us for a consultation or to speak with our team today!