The Department of Information and Communications Technology (DICT) through the National Cyber Security Center (NCSC) issues this advisory to alert all PNG Government departments, agencies, and organizations about a critical vulnerability discovered in Fortinet’s FortiOS operating system products.
Fortinet, a prominent provider of security solutions such as firewalls, endpoint security and intrusion detection systems, publicly announced on February 8, 2024, the existence of a critical vulnerability in products using its FortiOS operating system.
This vulnerability poses a significant risk as it could compromise the confidentiality, integrity, or availability of affected systems.
The identified vulnerability is categorized under the Common Vulnerabilities and Exposures (CVE) system with the following reference number: CVE-2024-21762.
If successfully exploited, this vulnerability may allow a remote unauthenticated attacker to execute arbitrary code or commands on the targeted system. Fortinet has issued patches to fix the issue on affected devices.
The risk of remote exploitation of this vulnerability is particularly high because devices running the FortiOS operating system are typically connected directly to the internet. This vulnerability is potentially being exploited in the wild.
The vulnerable versions of Fortinet FortiOS operating system products that require immediate attention are as follows:
1. FortiOS 7.4.0 through to 7.4.2
2. FortiOS 7.2.0 through to 7.2.6
3. FortiOS 7.0.0 through to 7.0.13
4. FortiOS 6.4.0 through to 6.4.14
5. FortiOS 6.2.0 through to 6.2.15
6. FortiOS 6.0 all versions
7. FortiProxy 7.4.0 through to 7.4.2
8. FortiProxy 7.2.0 through to 7.2.8
9. FortiProxy 7.0.0 through to 7.0.14
10. FortiProxy 2.0.0 through to 2.0.13
11. FortiProxy 1.2 all versions
12. FortiProxy 1.1 all versions
13. FortiProxy 1.0 all versions
To safeguard your organization’s systems and data, DICT and NCSC strongly recommend taking the following actions:
1. Review Networks: All PNG Government departments, agencies, and organizations are urged to conduct a comprehensive review of their networks to identify any FortiOS operating system products that are vulnerable.
2. Install Patches: If your organization is utilizing any of the vulnerable versions mentioned above, it is imperative to install the relevant official patches provided by Fortinet without delay.
3. Discontinue the use of SSL VPN functionality if you are unable to apply patches.
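To support the network review in step 1, the following added example (not part of the original advisory and not Fortinet tooling) checks an asset inventory against the affected version ranges listed above. The inventory entries and host names are constructed, and a result of `not-listed` means only that the version does not appear in this advisory's list.

```python
import re

# Affected ranges transcribed from this advisory's list.
# (major, minor) -> highest affected patch level; None means "all versions".
AFFECTED = {
    "FortiOS": {(7, 4): 2, (7, 2): 6, (7, 0): 13,
                (6, 4): 14, (6, 2): 15, (6, 0): None},
    "FortiProxy": {(7, 4): 2, (7, 2): 8, (7, 0): 14, (2, 0): 13,
                   (1, 2): None, (1, 1): None, (1, 0): None},
}

def parse_version(text):
    """Parse '7.2.6', 'v7.2.6' or '6.0' into (major, minor, patch-or-None)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if m is None:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), (int(patch) if patch is not None else None)

def classify(product, version):
    """Return 'affected', 'not-listed' (absent from this advisory) or 'unknown'."""
    branches = AFFECTED.get(product)
    parsed = parse_version(version)
    if branches is None or parsed is None:
        return "unknown"  # unrecognised product or unparseable version: check by hand
    major, minor, patch = parsed
    if (major, minor) not in branches:
        return "not-listed"
    max_patch = branches[(major, minor)]
    if max_patch is None:
        return "affected"  # every release on this branch is listed
    if patch is None:
        return "unknown"  # patch level is needed to decide on this branch
    return "affected" if patch <= max_patch else "not-listed"

def triage(inventory):
    """Return (host, status) for every entry that needs action or manual review."""
    results = [(host, classify(product, version)) for host, product, version in inventory]
    return [r for r in results if r[1] != "not-listed"]

# Constructed sample inventory: (host, product, firmware version). Hosts are hypothetical.
INVENTORY = [
    ("fw-hq-01", "FortiOS", "7.2.6"),
    ("fw-branch-02", "FortiOS", "v7.4.3"),
    ("proxy-dmz-01", "FortiProxy", "1.2.9"),
    ("fw-lab-03", "FortiOS", "7.0"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY):
        print(f"{host}: {status}")
```

Entries reported as `unknown` lack the detail needed to decide and should be checked on the device itself.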
For more detailed information and specific instructions regarding the vulnerability and updates, we encourage you to refer to the official Fortinet Advisory through the following link: Citrix ADC and Citrix Gateway Security Bulletin.
Prompt action is crucial in addressing this critical vulnerability to ensure the security and stability of your organization’s systems and data. By remaining vigilant and keeping your infrastructure up to date, you can effectively safeguard against potential cyber threats. The NCSC and the Department of ICT are dedicated to promoting a secure digital environment, and we encourage all stakeholders to adhere to the recommended actions for enhanced cybersecurity resilience.
For any further assistance or inquiries, please reach out to the National Cyber Security Center (NCSC). Together, let us prioritize cybersecurity and protect Papua New Guinea’s digital landscape.