A recent scan on the public web has revealed that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are susceptible to a critical security flaw known as CVE-2024-21762. This vulnerability allows attackers to execute code without authentication, posing a significant risk to affected devices.

Last month, America's Cyber Defense Agency, CISA, confirmed that threat actors were actively exploiting CVE-2024-21762. In response, the flaw was added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Despite Fortinet addressing the issue almost a month ago, a report by The Shadowserver Foundation released on Thursday revealed that nearly 150,000 devices remained vulnerable.

Shadowserver, in conducting their scans, checked for specific versions of the software, indicating that the actual number of affected devices might be lower if administrators applied mitigations instead of upgrading. CVE-2024-21762, which has a severity score of 9.8 according to NIST, enables remote attackers to target vulnerable machines by sending specially crafted HTTP requests.

According to the data collected by Shadowserver, more than 24,000 of the vulnerable devices were found in the United States, making it the country with the highest number of affected systems. Following closely behind were India, Brazil, and Canada. It is important to note that the extent of active exploitation by threat actors remains limited, potentially indicating a selective approach by more sophisticated adversaries or a lack of visibility in public platforms.

Shortly after Fortinet released a statement about the vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed the active exploitation and included it in their KEV catalog. To help companies determine if their SSL VPN systems are vulnerable, researchers at BishopFox, an offensive security company, have developed a Python script that can be run to check for the issue.

Fortinet's FortiOS is an operating system that powers their Security Fabric devices, providing a range of security features such as protection against DoS attacks, IPS, firewall, and VPN services. This operating system is utilized across various Fortinet products, including firewalls, access points, switches, and network access control devices, ensuring centralized management, consistent deployment, and enforcement of security policies.

In addition, FortiProxy, a secure web proxy solution offered by Fortinet, integrates antivirus, intrusion prevention, and browser isolation to protect against web and DNS-based threats, as well as data loss.

As the discovery of the vulnerability persists, it is crucial for organizations to promptly update and apply patches provided by Fortinet to mitigate the risk posed by CVE-2024-21762. Maintaining strong security measures is imperative to safeguarding systems and protecting against potential cyberattacks.