Fortinet has revealed vulnerabilities in its FortiOS, FortiProxy, FortiClient Linux, and FortiClient Mac products, including a critical one that could allow remote code execution. This critical flaw, identified as CVE-2023-45590, has a high severity score and could enable an attacker to execute arbitrary code by tricking a user into visiting a malicious website. Other high-severity issues affect FortiOS and FortiProxy, where credentials are not adequately protected. A specific flaw (CVE-2023-41677) might allow an attacker to steal the administrator cookie under certain conditions. Additionally, FortiClientMac has vulnerabilities due to a lack of configuration file validation. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about the potential for cyber threat actors to exploit these vulnerabilities.
Latest issue of my curated #cybersecurity and #infosec list of resources for week #06/2024 is out! It includes the following and much more:
- #Juniper Support Portal Exposed Customer Device Info
- Major #DataBreach in #Thailand Exposes Personal Data of 20 Million Elderly Citizens
- Millions at risk of fraud after massive health data hack in #France
- #Verizon employee inadvertently leaks data of 63 thousand colleagues
- #AnyDesk Hacked: Revokes Passwords, Certificates in Response
- #Clorox says #cyberattack caused $49 million in expenses
- #Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline
- US offers $10 million for tips on #Hive ransomware leadership
- #China-backed Volt Typhoon hackers have lurked inside US #criticalinfrastructure for "at least five years"
- Chinese Hackers Exploited #FortiGate Flaw to Breach Dutch #Military Network
- #Iran accelerates cyber ops against #Israel from chaotic start
- Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion #Crypto Money Laundering
- #Finance worker pays out $25 million after video call with #deepfake "chief financial officer"
- #ukraine is Creating a "Cyber Diplomat" Post
- #Denmark orders schools to stop sending student data to #Google
- #EU proposes criminalizing AI-generated child sexual abuse and deepfakes
- #Uber Fined 10 Million Euros by Dutch Data Regulator
- US to Roll Out Visa Restrictions on People Who Misuse #Spyware to Target Journalists, Activists
- Raspberry Robin #Malware Upgrades with #Discord Spread and New Exploits
- New #macOS Backdoor Linked to Prominent Ransomware Groups
- Surprising 3 Million Hacked #Toothbrushes Story Goes Viral: Is It True?
- #Canada declares #FlipperZero public enemy No. 1 in car-theft crackdown
- #Ivanti: Patch new Connect Secure auth bypass bug immediately
- Security flaw in a popular smart helmet allowed silent location tracking
- Critical Patches Released for New Flaws in #Cisco, #Fortinet, #VMware Products
- Critical Boot Loader #Vulnerability in Shim Impacts Nearly All #Linux Distros
- #Airbus App Vulnerability Introduced Aircraft Safety Risk
- #QNAP Patches High-Severity Bugs in QTS, Qsync Central
--
This week's recommended reading is: "x86 Software Reverse-Engineering, Cracking, and Counter-Measure" by Stephanie Domas & Christopher Domas
--
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every weekend.
Security researchers reveal attackers are actively exploiting a vulnerability in the SSL VPN feature in Fortinet FortiOS. The vulnerability is tracked as CVE-2024-21762, and when exploited, can allow an attacker to execute code remotely. Administrators are advised to patch ASAP.
If anyone is printing some, I'd gladly chip in financially so that the software sold to us as secure and as the cure-all security measure finally becomes truly secure again with the help of the stickers.
Active exploitation of critical vulnerability in FortiOS SSL-VPN
The vulnerability has been rated 'High/High'. This means there is a high probability that this vulnerability will be exploited and that the damage could be significant.
A security update has been released that fixes the critical vulnerability in FortiOS SSL-VPN. Install the update yourself or have your IT service provider install it.
New Fortinet zero-day:
CVE-2024-21762 (9.6 critical) FortiOS - Out-of-bound Write in sslvpnd: An out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.
Note: This is potentially being exploited in the wild.
Fortinet vulnerabilities have historically been targeted by People's Republic of China (PRC) state-sponsored cyber actors. On 19 January 2023, Mandiant reported the exploitation of FortiOS SSL VPN vulnerability CVE-2022-42475 as a zero-day by suspected Chinese threat actors. Mandiant published a subsequent blog post on 16 March 2023 detailing the exploitation of another FortiOS zero-day CVE-2022-41328 by the Chinese threat actor UNC3886. CISA, FBI and NSA assess that PRC state-sponsored cyber actors are seeking to position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States. CISA's joint cybersecurity advisory on 07 February 2024 states that Chinese Advanced Persistent Threat (APT) Volt Typhoon likely obtained initial access by exploiting CVE-2022-42475 in a network perimeter FortiGate 300D firewall that was not patched. Fortinet also provided case studies of Volt Typhoon targeting of manufacturing, consulting, local government, and internet service provider sectors, and post-exploitation activity described as Living Off the Land (LotL) techniques.
An out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.
"Workaround : disable SSL VPN (disable webmode is NOT a valid workaround)"
Anyone with an internet-facing #fortinet #fortigate: I would recommend updating to the latest version of #fortiOS (released a couple of hours ago). Feels like something nasty coming up there...
At the end of January, the Aargauer Zeitung published a story about #toothbrushes that were allegedly used for #DDoS attacks. Unfortunately and/or fortunately, that was a false report, as AZ now addresses in a reply.
We learn two things:
#Fortinet is apparently not a trustworthy source (anymore?)
Journalism should go further than having a story confirmed by the same source
Wake up sheeple: Fortinet just tried to hide two maximum severity vulnerabilities in an older security advisory:
CVE-2024-23108 (10.0 critical)
CVE-2024-23109 (10.0 critical)
Both have the same description: "An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests."
(10 October 2023) https://www.fortiguard.com/psirt/FG-IR-23-130
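The advisory text quoted above lists six affected FortiSIEM version ranges. The following is an added triage helper, not code from the post or from Fortinet, that checks version strings from an inventory against exactly those ranges; the hostnames and versions in the sample inventory are constructed.

```python
# Added example, not from the post or from Fortinet: triage helper that
# tests FortiSIEM version strings against the affected ranges quoted in
# the advisory text for CVE-2024-23108 / CVE-2024-23109.
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Inclusive affected ranges, copied from the advisory text above.
AFFECTED_RANGES: List[Tuple[str, str]] = [
    ("7.1.0", "7.1.1"),
    ("7.0.0", "7.0.2"),
    ("6.7.0", "6.7.8"),
    ("6.6.0", "6.6.3"),
    ("6.5.0", "6.5.2"),
    ("6.4.0", "6.4.2"),
]


def parse_version(text: str) -> Version:
    """Parse 'a.b.c' into a comparable tuple. Only the first three fields
    are used (a trailing build number is ignored) and short strings are
    padded, so '7.1' compares like '7.1.0'. Non-numeric input is rejected."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts[:3]]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def is_affected(version: str) -> bool:
    """True if the version lies inside any listed affected range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hostnames (sorted) whose FortiSIEM version is affected."""
    return sorted(h for h, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "siem-prod-01": "7.1.1",  # inside 7.1.0 through 7.1.1 -> affected
    "siem-prod-02": "7.1.2",  # outside every listed range -> not affected
    "siem-lab-01": "6.7.8",   # last version of 6.7.x listed -> affected
    "siem-lab-02": "6.3.5",   # below all listed ranges -> not affected
}

if __name__ == "__main__":
    print("affected:", triage(SAMPLE_INVENTORY))
```

Feed it the version strings from your own asset inventory; anything it reports as affected should be scheduled for the update referenced in the advisory.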
The Register summarizes Fortinet's week of bungled official responses from a publication's perspective, leading up to the disclosure of an exploited zero-day CVE-2024-21762 in FortiOS SSL VPN.
https://www.theregister.com/2024/02/09/a_look_at_fortinet_week/