Here is a summary and important mitigation information based on your shared CISA advisory about the new Fortinet vulnerabilities (CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475):
Summary:
Threat: A threat actor is creating a malicious file using previously exploited Fortinet vulnerabilities, specifically affecting FortiGate products.
Impact: The malicious file grants read-only access to device file systems, possibly exposing configuration files and sensitive information.
Target: Victims are those with unpatched devices for the listed vulnerabilities; Fortinet is directly notifying affected customers.
Recommended Actions (per CISA & Fortinet):
Patch/Upgrade:
Immediately upgrade FortiOS to one of the following versions (whichever is applicable):
7.6.2
7.4.7
7.2.11
7.0.17
6.4.16
Configuration Review:
Carefully review the configuration of all in-scope FortiGate devices for unauthorized changes.
Credential Reset:
Reset credentials that may have been exposed through this file or via previous breaches.
Temporary Workaround (If you cannot patch right away):
Disable SSL-VPN functionality, as exploitation requires SSL-VPN to be enabled.
Reporting:
Report incidents or unusual behavior to CISA's 24/7 Operations Center at Report@cisa.gov or (888) 282-0870.