www.techradar.com Open in urlscan Pro
151.101.130.114  Public Scan

Form analysis
2 forms found in the DOM

GET https://www.techradar.com/search

<form class="search-box" action="https://www.techradar.com/search" method="GET" data-analytics-id="search-submit" data-before-rewrite-localise="/search" data-component-tracked="19">
  <label for="search-input" class="sr-only">Search TechRadar</label>
  <input tabindex="0" type="search" name="searchTerm" placeholder="Search TechRadar" class="search-input" id="search-input">
  <button type="submit" class="search-submit" aria-label="Search">
    <span class="search-icon">
      <svg class="icon-svg" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1000 1000">
        <path d="M720 124a422 422 0 1 0-73 654l221 222 132-131-222-222a422 422 0 0 0-58-523zm-92 504a291 291 0 1 1-412-412 291 291 0 0 1 412 411z"></path>
      </svg> </span>
  </button>
</form>

POST https://newsletter-subscribe.futureplc.com/v2/submission/submit

<form data-hydrate="true" class="newsletter-form__form newsletter-form__form--inbodyContent" method="POST" action="https://newsletter-subscribe.futureplc.com/v2/submission/submit"><input data-hydrate="true" type="hidden"
    class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="NAME"><input data-hydrate="true" type="email" class="form__email-input form_input form__email-input form__email-input--inbodyContent" name="MAIL"
    required="" placeholder="Your Email Address"><input data-hydrate="true" type="hidden" class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="NEWSLETTER_CODE" value="XTP-X"><input data-hydrate="true"
    type="hidden" class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="LANG" value="EN"><input data-hydrate="true" type="hidden"
    class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="SOURCE" value="60"><input data-hydrate="true" type="hidden"
    class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="COUNTRY"><label class="form__checkbox-label"><input data-hydrate="true" type="checkbox"
      class="form__checkbox-input form_input form__checkbox-input form__checkbox-input--inbodyContent" name="CONTACT_OTHER_BRANDS">Contact me with news and offers from other Future brands</label><label class="form__checkbox-label"><input
      data-hydrate="true" type="checkbox" class="form__checkbox-input form_input form__checkbox-input form__checkbox-input--inbodyContent" name="CONTACT_PARTNERS">Receive email from us on behalf of our trusted partners or sponsors</label><input
    data-hydrate="true" type="submit" class="form__submit-input form_input form__submit-input form__submit-input--inbodyContent" required="" value="Sign me up"></form>

Text Content

Skip to main content

Tech Radar
 * Tech Radar Pro
 * Tech Radar Gaming

Open menu Close menu
Tech Radar Pro TechRadar the business technology experts
Search
Search TechRadar
RSS

US Edition


Asia

Singapore

Europe

Danmark


Suomi


Norge


Sverige


UK


Italia


Nederland


België (Nederlands)


France


Deutschland


España

North America

US (English)


Canada


México

Australasia

Australia


New Zealand

 * 
 * News
 * Reviews
 * Features
 * Expert Insights
 * Website builders
 * Web hosting
 * Security





Trending
 * Expert Insights
 * Best web hosting
 * Best website builder
 * Best standing desks



When you purchase through links on our site, we may earn an affiliate
commission. Here’s how it works.


 1. Pro
 2. Security


THOUSANDS OF FORTINET DEVICES COULD FACE ATTACK FOLLOWING SECURITY ISSUE

News
By Sead Fadilpašić
published March 12, 2024

A patch for a high-severity flaw has been available for a month

 * 
 * 
 * 
 * 
 * 
 * 


(Image credit: Future)


Hackers have a pool of almost 150,000 vulnerable Fortinet FortiOS and FortiProxy
instances which they can use to execute malicious code without authentication,
experts have warned.



A month ago, Fortinet released a patch for a critical vulnerability tracked as
CVE-2024-21762 (severity score 9.8), but it seems many admins aren’t diligently
installing the fixes. To make matters worse, this flaw was already added to
Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited
Vulnerabilities (KEV), meaning hackers are actively taking advantage of it. 



However, the details about hackers abusing the flaw are scarce. That could
either mean that public platforms aren’t showing this activity, or the flaw is
being used by highly sophisticated threat actors.





PATCHING THE FLAWS

Now, BleepingComputer has spoken to Shadowserver’s Piotr Kijevski, who said that
the organization scans the internet for vulnerable versions, but since
workarounds and mitigations are also available, it could be that the number of
vulnerable endpoints is somewhat lower. The majority of the potential targets,
the organization further said, was in the United States (24,000), followed by
India, Brazil, and Canada.

LATEST VIDEOS FROM techradar Tech Radar Pro



As per the National Vulnerability Database, this critical vulnerability is an
out-of-bounds write flaw, plaguing multiple versions of FortiOS, and FortiProxy.
Theoretically, an attacker could execute unauthorized code on vulnerable
devices, using specifically crafted requests. 



Fortinet’s products are popular among small and medium-sized businesses (SMB),
which makes them a prime target for cybercriminals. As a result, the company
often releases security patches and urges customers to apply them without
hesitation. 

In early July 2023, it was said that “hundreds of thousands” of FortiGate
firewalls were vulnerable to CVE-2023-27997, a heap-based buffer overflow
vulnerability with a 9.8 severity score. 


ARE YOU A PRO? SUBSCRIBE TO OUR NEWSLETTER

Sign up to the TechRadar Pro newsletter to get all the top news, opinion,
features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on
behalf of our trusted partners or sponsors
By submitting your information you agree to the Terms & Conditions and Privacy
Policy and are aged 16 or over.

This flaw affected FortiOS and FortiProxy devices with SSL-VPN enabled. In March
the same year, unknown hackers targeted certain US government networks with a
zero-day vulnerability found in a Fortinet product. It was later reported that
the attackers abused CVE-2022-41328 - an improper limitation of a pathname to a
restricted directory vulnerability ('path traversal') [CWE-22] in FortiOS, which
could have allowed a privileged attacker “to read and write arbitrary files via
crafted CLI commands."


MORE FROM TECHRADAR PRO

 * Fortinet flaws are being exploited in attacks on government
 * Here's a list of the best firewalls around today
 * These are the best endpoint security tools right now

Sead Fadilpašić
Social Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and
Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity
(ransomware, data breaches, laws and regulations). In his career, spanning more
than a decade, he’s written for numerous media outlets, including Al Jazeera
Balkans. He’s also held several modules on content writing for Represent
Communications.

More about security

Visa warns dangerous new malware is attacking financial firms



How to set up port forwarding with PureVPN


Latest

New DJI Avata 2 drone leaks reveal design, features, pricing, and more

See more latest ►





MOST POPULAR

The next Google Pixel update could bust nuisance callers

By James IdeApril 05, 2024

Henry Cavill's critically panned Argylle movie is coming to Apple TV Plus very
soon

By Tom PowerApril 05, 2024

The Galaxy Z Flip 5 just received new AI features – and it's now cheaper than
ever

By Alex WhitelockApril 05, 2024

AMD Zen 5 may not be a huge boost, but leaker reckons next-gen CPUs are exciting
and could beat out Intel Arrow Lake

By Darren AllanApril 05, 2024

Best Buy's weekend sale starts now - shop 15 unbelievable deals that I recommend

By Mackenzie FrazierApril 05, 2024

8BitDo announces Apple Vision Pro compatibility for a range of gaming
peripherals

By Dashiell WoodApril 05, 2024

Cisco launches AI job consortium to see which roles will be most affected by AI

By Craig HaleApril 05, 2024

Mission’s new bookshelf speakers will turn your sound upside down

By Carrie MarshallApril 05, 2024

When is Fortnite OG coming back?

By Jake GreenApril 05, 2024

7 new movies and TV shows to stream on Netflix, Prime Video, Max, and more this
weekend (April 5)

By Axel MetzApril 05, 2024

Ivanti bugs are still being targeted by Chinese hackers, Google warns

By Sead FadilpašićApril 05, 2024



MOST POPULARMOST SHARED
 1. 1
    Meta teases its next big hardware release: its first AR glasses, and we're
    excited
 2. 2
    Programmers got PSP games running on the PlayStation Portal, then
    “responsibly reported” the exploit so it could be patched
 3. 3
    8 new horror movies on Max, Paramount Plus, Shudder and more in April 2024
 4. 4
    New Philips Hue update makes using your smart lights a whole lot easier
 5. 5
    Pro-Ject's two new affordable turntables promise audiophile quality for less

 1. 1
    Gear up for the AI gaming revolution with AORUS 16X and GIGABYTE G6X
 2. 2
    Buying a new TV in 2024? Make it a Sony
 3. 3
    Is 7 years of software support a gimmick? My 4-year-old Samsung Galaxy S20
    just gave me the answer
 4. 4
    Meta teases its next big hardware release: its first AR glasses, and we're
    excited
 5. 5
    Leaked iPhone 16 dummy units show design changes for all four phones



TechRadar is part of Future US Inc, an international media group and leading
digital publisher. Visit our corporate site.

 * About Us
 * Contact Future's experts
 * Contact Us
 * Terms and conditions
 * Privacy policy
 * Cookies policy
 * Advertise with us
 * Web notifications
 * Accessibility Statement
 * Careers

© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.