Critical Infrastructure Security, Threat Intelligence, Patch/Configuration Management

CISA: Attacks targeting new critical Fortinet RCE underway

BleepingComputer reports that the Cybersecurity and Infrastructure Security Agency has noted that threat actors have begun attacks targeting the critical remote code execution vulnerability in Fortinet's FortiOS devices, tracked as CVE-2024-21762, just a day after Fortinet noted possible exploitation. Active exploitation of the flaw has prompted CISA to urge federal agencies to remediate it by Feb. 16. Meanwhile, organizations that could not immediately implement the patches were advised to disable SSL VPN on their devices. The development comes days after Fortinet disclosed two critical security issues in FortiSIEM, tracked as CVE-2024-23108 and CVE-2024-23109, which were confirmed to be variants of the CVE-2023-34992 vulnerability that had been addressed in October. Fortinet also recently reported that two flaws impacting its FortiOS SSL VPN, tracked as CVE-2022-42475 and CVE-2023-27997, had been leveraged by the Chinese state-sponsored hacking operation Volt Typhoon to facilitate the distribution of the Coathanger remote access trojan.
