Fortinet has released a security update to address a vulnerability in FortiOS and FortiProxy software, specifically addressing an actively exploited zero-day CVE-2024-21762.

Affected Systems

The following systems are affected but not limited to:

• FortiOS version: 7.4.0 through 7.4.2.

• FortiOS Version: 7.2.0 through 7.2.6.

• FortiOS Version: 7.0.0 through 7.0.13.

• FortiProxy Version: 7.4.0 through 7.4.2.

• FortiProxy Version: 7.2.0 through 7.2.8.

• FortiProxy Version: 7.0.0 through 7.0.14.

Security Risks

The successful exploitation of vulnerabilities in FortiOS and FortiProxy software poses a significant security risk, enabling cyber threat actors to gain unauthorized control over affected systems.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends to system administrators to:

• Follow Fortinet Security Advisories to lower the risk of potential exploits, protect systems, and ensure their security.

• Apply the required and latest security updates as soon as possible.

     The released software versions for upgrade include, but are not limited to:

• FortiOS version: 7.4.3 or above.

• FortiOS Version: 7.2.7 or above.

• FortiOS Version: 7.0.14 or above.

• FortiProxy Version: 7.4.3 or above.

• FortiProxy Version: 7.2.9 or above.

• FortiProxy Version: 7.0.15 or above.

• Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.

References

https://www.fortiguard.com/psirt/FG-IR-24-015