Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities (CVE-2024-21762, CVE-2023-27997 and CVE-2022-42475) in FortiGate products. This malicious file could allow read-only access to files on the device's file system, which may include configurations. Fortinet has communicated directly with the account holders of customers identified as affected by this issue, based on available telemetry, and provided mitigation guidance.
See the following resource for more information:
CISA encourages administrators to review Fortinet's advisory and:
- Upgrade to FortiOS 7.6.2, 7.4.7, 7.2.11, 7.0.17, or 6.4.16 to remove the malicious file.
- Review the configuration of all in-scope devices.
- Reset potentially exposed credentials.
- As a workaround mitigation until the fix is applied, consider disabling SSL-VPN functionality, because exploitation of the file requires SSL-VPN to be enabled.
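The steps above can be applied across a device inventory with a short triage script. This is an added example, not code from CISA or Fortinet; the inventory records, the field names (`host`, `version`, `sslvpn_enabled`) and the status labels are assumptions made for illustration, and only the fixed release numbers come from the advisory.

```python
import re

# Fixed FortiOS releases listed in the advisory, keyed by (major, minor) branch.
FIXED_PATCH = {(7, 6): 2, (7, 4): 7, (7, 2): 11, (7, 0): 17, (6, 4): 16}

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'v7.4.3' or 'FortiOS 7.4.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no FortiOS version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(device):
    """Map one inventory record (hypothetical schema) to a status and follow-up steps."""
    major, minor, patch = parse_version(device["version"])
    fixed = FIXED_PATCH.get((major, minor))
    # The advisory lists these two steps for all in-scope devices, upgraded or not.
    actions = ["review configuration", "reset potentially exposed credentials"]
    if fixed is None:
        status, target = "branch-not-listed", None
        actions.insert(0, "branch has no fixed release in the advisory; confirm upgrade path")
    elif patch >= fixed:
        status, target = "at-fixed-release", f"{major}.{minor}.{fixed}"
    else:
        status, target = "needs-upgrade", f"{major}.{minor}.{fixed}"
        actions.insert(0, f"upgrade to FortiOS {target}")
    # Interim workaround from the advisory: only relevant while the fix is missing.
    if status != "at-fixed-release" and device["sslvpn_enabled"]:
        actions.insert(0, "consider disabling SSL-VPN until the fix is applied")
    return {"host": device["host"], "status": status, "target": target, "actions": actions}

# Constructed inventory for illustration only; these are not real devices.
INVENTORY = [
    {"host": "fw-edge-01", "version": "v7.4.3", "sslvpn_enabled": True},
    {"host": "fw-branch-02", "version": "7.2.11", "sslvpn_enabled": False},
    {"host": "fw-lab-03", "version": "FortiOS 6.2.15", "sslvpn_enabled": True},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        result = triage(dev)
        print(f"{result['host']}: {result['status']} -> " + "; ".join(result["actions"]))
```
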
For more information on mitigation: Recommended steps to execute in the event of a community … – Fortinet.
Organizations must report incidents and anomalous activity to CISA's 24/7 Operations Center at report@cisa.gov or (888) 282-0870.