Nearly 150,000 Fortinet systems continue to be impacted by the critical FortiOS out-of-bounds write vulnerability, tracked as CVE-2024-21762, nearly a month after patches were issued, according to SecurityWeek.
Despite the elevated number of potentially vulnerable Fortinet instances, most of which were in the U.S. and India, there has been no evidence suggesting widespread exploitation of the critical flaw, which could be leveraged to trigger arbitrary code or command execution via specially crafted HTTP requests, reported Shadowserver. Europe, China, Canada, Mexico, and Brazil also accounted for thousands of Fortinet systems impacted by the bug. Shadowserver's findings were confirmed by GreyNoise, which has not observed any attacks leveraging the vulnerability against its honeypots. Moreover, Fortinet has not yet updated its advisory indicating something beyond the potential exploitation of the flaw. Infections with the security issue, which had already been added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, could be identified through a Bishop Fox open source tool.
