-
Notifications
You must be signed in to change notification settings - Fork 47
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #711 from DIVD-NL/fortios-2024-00005
Case 5 casefile
- Loading branch information
Showing
1 changed file
with
60 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| --- | ||
| layout: case | ||
| title: Authentication Bypass in JetBrains TeamCity | ||
| excerpt: "A new RCE vulnerability in FortiOS SSL VPN could lead to full compromise of your system." | ||
| author: Max van der Horst | ||
| lead: Ralph Horn | ||
| researchers: | ||
| - Researchers Fox-IT | ||
| - Victor Pasman | ||
| - Ralph Horn | ||
| - Max van der Horst | ||
| cves: | ||
| - CVE-2024-21762 | ||
| product: | ||
| - FortiOS SSL VPN | ||
| versions: | ||
| - 7.4.0 through 7.4.2 | ||
| - 7.2.0 through 7.2.6 | ||
| - 7.0.0 through 7.0.13 | ||
| - 6.4.0 through 6.4.14 | ||
| - 6.2.0 through 6.2.15 | ||
| - All versions 6.0 | ||
| recommendation: "Update your devices to a patched version as soon as possible" | ||
| patch_status: Released | ||
| workaround: None | ||
| status : open | ||
| start: 2024-02-08 | ||
| end: | ||
| timeline: | ||
| - start: 2024-02-08 | ||
| end: | ||
| event: "DIVD starts researching this vulnerability in collaboration with Fox-IT." | ||
| - start: 2024-02-09 | ||
| end: | ||
| event: "DIVD sends out first round of notifications.." | ||
| #ips: | ||
| # ips is used for statistics after the case is closed. If it is not applicable, you can set IPs to n/a (e.g. stolen credentials) | ||
| # This field becomes mandatory when the case status is set to 'Closed' | ||
|
|
||
| # You can set IPs to n/a when this case isn't about IPs (e.g. stolen credentials) | ||
| --- | ||
| ## Summary | ||
|
|
||
| Fortinet is warning that a new Remote Code Execution vulnerability in FortiOS SSL VPN is being exploited by threat actors. Fortinet advises updating to the latest version to install the patch. Failing to install the patch might lead to a threat actor completely taking over your network. | ||
|
|
||
| ## Recommendations | ||
|
|
||
| Fortinet urges users to upgrade to the latest version as soon as possible. If you are compromised, DIVD advises you start your incident response process immediately. | ||
|
|
||
| ## What we are doing | ||
|
|
||
| DIVD is currently working together with Fox IT to identify vulnerable instances and notify the owners of these systems. | ||
|
|
||
| {% comment %} Leave this here, so we see a timeline {% endcomment %} | ||
| {% include timeline.html %} | ||
|
|
||
| ## More information | ||
| * [FortiGuard advisory](https://www.fortiguard.com/psirt/FG-IR-24-015) | ||
| * [CVE-2024-21762](https://nvd.nist.gov/vuln/detail/CVE-2024-23917) | ||
| * {% cve CVE-2024-21762 %} |