Patch Attack! PTA Warns of Major Fortinet Flaw

The Pakistan Telecommunication Authority (PTA) has issued a critical cybersecurity advisory regarding a major vulnerability in Fortinet devices. This flaw, identified as CVE-2024-21762, affects Fortinet’s FortiOS and FortiProxy systems, which are widely used for secure network access.

The vulnerability allows attackers to remotely execute malicious code (RCE) on vulnerable devices. This can be achieved by exploiting a flaw in how these systems handle file paths.

The advisory classifies this as a high-risk Remote Code Execution (RCE) threat. The impacted software includes not only FortiOS and FortiProxy, but also FortiSwitchManager and FortiAnalyzer. With an estimated 150,000 potentially vulnerable devices worldwide, the urgency to address this issue is high.

PTA recommends immediate action. The most effective solution is to install the official patches released by Fortinet. As a temporary measure, disabling the HTTP/HTTPS administrative interface or restricting access to trusted IPs can offer some protection. However, PTA emphasizes that these temporary measures are not a substitute for patching the vulnerability.

Organizations are urged to monitor their systems for suspicious activity and ensure timely updates are applied. Regularly checking Fortinet’s official advisories for the latest information is crucial. In case of a security incident, PTA recommends reporting it through their CERT Portal and via email for a swift response.
