Mitigate Fortinet Vulnerabilities: Key Steps to Protect Your Devices from Exploitation

Here is a summary and important mitigation information based on your shared CISA advisory about the new Fortinet vulnerabilities (CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475):

---

Summary:​

• Threat: A threat actor is creating a malicious file using previously exploited Fortinet vulnerabilities, specifically affecting FortiGate products.
• Impact: The malicious file grants read-only access to device file systems, possibly exposing configuration files and sensitive information.
• Target: Victims are those with unpatched devices for the listed vulnerabilities; Fortinet is directly notifying affected customers.

---

Recommended Actions (per CISA & Fortinet):​

• Patch/Upgrade:
• Immediately upgrade FortiOS to one of the following versions (whichever is applicable):
• 7.6.2
• 7.4.7
• 7.2.11
• 7.0.17
• 6.4.16
• Configuration Review:
• Carefully review the configuration of all in-scope FortiGate devices for unauthorized changes.
• Credential Reset:
• Reset credentials that may have been exposed through this file or via previous breaches.
• Temporary Workaround (If you cannot patch right away):
• Disable SSL-VPN functionality, as exploitation requires SSL-VPN to be enabled.
• Reporting:
• Report incidents or unusual behavior to CISA's 24/7 Operations Center at Report@cisa.gov or (888) 282-0870.

---

Additional Resources:​

• Fortinet Blog: Analysis of Threat Actor Activity
• Technical Tip: Recommended steps to execute in case of a... (Fortinet Community)

---

Key Takeaway:
Upgrade your FortiGate devices to the patched OS versions, disable SSL-VPN temporarily if needed, review configurations, and reset potentially exposed credentials to prevent and mitigate compromise.
For official full details, refer to the CISA advisory and Fortinet's own security advisories.

---

Source: www.cisa.gov Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities | CISA