CISA Issues Urgent Warnings on Critical Fortinet Vulnerabilities

Allowing hackers to execute code or commands.
Emily Hill
Contributing Writer

The Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms about two critical vulnerabilities in Fortinet products, a significant concern for cybersecurity defenders nationwide. The advisories highlighted the urgency of addressing these vulnerabilities, particularly CVE-2024-21762, which affects FortiOS SSL VPN and is rated critical with a severity score of 9.6 out of 10. This vulnerability allows attackers to execute arbitrary code or commands.

Fortinet disclosed these vulnerabilities and urged users to upgrade to the latest versions to mitigate risks. In an unprecedented move, CISA required federal civilian agencies to patch the CVE-2024-21762 issue within a week, a timeline significantly shorter than the typical three-week window. Meanwhile, CVE-2024-23313, another vulnerability with a higher severity rating of 9.8, was also disclosed but is not believed to be actively exploited. These developments come amid reports of Chinese state-sponsored hackers exploiting Fortinet devices.

Why it matters: The disclosure and immediate action required in response to these vulnerabilities underscore the critical nature of cybersecurity in safeguarding national infrastructure and sensitive information.

  • With CVE-2024-21762 receiving a 9.6 and CVE-2024-23313 a 9.8 out of 10 in severity scores, these vulnerabilities present a significant threat to the security of federal agencies and potentially private sector organizations utilizing Fortinet products.
  • The vulnerabilities are particularly concerning due to their potential exploitation by nation-state actors, as evidenced by the Dutch Ministry of Defence’s report and the advisory about the Chinese hacker group Volt Typhoon.
  • Given Fortinet’s widespread use among governments and critical infrastructure sectors, the exploitation of these vulnerabilities could have significant implications for national security and critical services.

Go Deeper -> CISA warns Fortinet zero-day vulnerability under attack – TechTarget

CISA warns of Fortinet bug likely being exploited in the wild – The Record
