In the realm of cybersecurity, vigilance is not just recommended; it's mandatory. The recent disclosure of CVE-2024-21762, an out-of-bounds write vulnerability in the sslvpnd component of FortiOS/FortiProxy, underscores this reality. Disclosed on February 8, 2024, this vulnerability has left more than 150,000 firewalls exposed to potential exploitation.
CVE-2024-21762 poses a significant risk, enabling unauthorized actors to execute arbitrary code or disrupt services through a specially crafted SSL VPN request. This vulnerability's discovery and the subsequent release of a patch by Fortinet signal the critical nature of the threat and the need for immediate action by network administrators.
In addition, multiple threat actors have begun selling access to FortiGate devices. This emerging black market for network access signals a heightened threat level for organizations using FortiGate firewalls, especially those that have not yet applied the CVE-2024-21762 patch.
Our analysis confirms that access began being sold on March 6th, 2024, and has identified a total of 32 distinct instances in which access to compromised devices was offered for sale.
BreachForums has emerged as the primary marketplace for these illicit activities, highlighting the need for increased surveillance and control measures on these platforms.
The accompanying bar chart summarizes the activity of both the threat actors and the forums involved, highlighting the areas on which defensive efforts should focus.
What is more alarming is the commercialization of this vulnerability. Exploits are now being sold for around 300 dollars in bitcoin, making them accessible to a wide range of malicious actors. Forums such as BreachForums, XSS.is, and Raid Forum have become hotspots for such transactions, with over 32 posts from 5 different threat actors selling access to compromised FortiGate devices.
The disclosure of CVE-2024-21762 serves as a reminder of the ever-present threats in the digital landscape. As we navigate these turbulent waters, the importance of proactive measures and robust security protocols cannot be overstated. By taking immediate action and adhering to best practices, we can shield our networks from harm and maintain the integrity of our digital infrastructures. For more detailed information and guidance, visit FortiGuard Labs at https://www.fortiguard.com/psirt/FG-IR-24-015.