The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alarming statement confirming that attackers are actively exploiting a critical remote code execution (RCE) vulnerability in Fortinet's FortiOS operating system. The flaw, known as CVE-2024-21762, enables unauthenticated attackers to remotely execute arbitrary code by exploiting an out-of-bounds write weakness through maliciously-crafted HTTP requests.

Fortinet had recently patched the vulnerability in a security update released on Thursday. However, for administrators who are unable to immediately deploy this update, CISA recommends disabling SSL VPN on the affected devices to eliminate the attack vector.

CISA's announcement comes shortly after Fortinet published a security advisory acknowledging that the vulnerability was "potentially being exploited in the wild." Although specific details about the exploitation are yet to be disclosed, CISA has added CVE-2022-48618 to its Known Exploited Vulnerabilities Catalog, stressing that such vulnerabilities are commonly targeted by malicious cyber actors and pose significant risks to the federal enterprise.

To ensure the prompt mitigation of this critical security bug, CISA has ordered all U.S. federal agencies to secure their FortiOS devices within seven days, by February 16, as mandated by the binding operational directive (BOD 22-01) issued in November 2021.

In addition to CVE-2024-21762, Fortinet has also patched two other critical RCE vulnerabilities (CVE-2024-23108 and CVE-2024-23109) in its FortiSIEM solution this week. Initially, the company denied the validity of these CVEs, stating that they were duplicates of a previously-fixed flaw (CVE-2023-34992) from October. However, it was later revealed that these vulnerabilities were discovered and reported by Horizon3 vulnerability expert Zach Hanley. Fortinet eventually acknowledged that CVE-2024-23108 and CVE-2024-23109 were variants of the original CVE-2023-34992 bug.

Given that these vulnerabilities can be exploited by remote unauthenticated attackers to execute arbitrary code on vulnerable Fortinet devices, it is strongly advised that all users promptly secure their devices. Fortinet flaws, often targeted as zero-days, have been exploited in cyber espionage campaigns and ransomware attacks. Just this week, Fortinet disclosed that the Chinese hacking group, Volt Typhoon, used two FortiOS SSL VPN flaws (CVE-2022-42475 and CVE-2023-27997) in their attacks, deploying the Coathanger custom malware. Coathanger, a remote access trojan (RAT), specifically targets Fortigate network security appliances and was recently employed in breaching the military network of the Dutch Ministry of Defence.

The urgency of addressing these vulnerabilities cannot be overstated, as the potential consequences of inaction could be severe. Users are strongly advised to apply the latest security updates and take necessary precautions to safeguard their Fortinet devices against exploitation.

(Note: The article is based on the information provided and does not include any additional entities, numbers, or dates beyond what was mentioned.