Chinese state-sponsored cyber threat actors continue to represent a major threat for any organization. In the current geopolitical context, that poses concerns particularly in North America and Europe.
Recent Chinese-sponsored espionage campaigns targeted network edge devices, including Cisco and NetGear routers that were object of a large-scale remediation campaign across the United States. A report released by the Dutch Ministry of Defense on February 6, 2024 draws attention to the established Chinese tactics of targeting vulnerabilities in software such as Fortigate VPN, Pulse Secure and most recently Ivanti Connect Secure as preferential entry points. Specifically, the Dutch government report covers a breach with limited impact carried out via exploitation of a vulnerability in FortiOS SSL VPN (CVE-2022-42475) to deploy a backdoor known as COATHANGER.
In such a threat landscape, recently disclosed vulnerabilities require particular attention of defenders:
CVE-2024-21762 (CVSS 9.6): unauthenticated arbitrary code execution impacting FortiOS SSL VPN.
CVE-2024-23108 (CVSS 9.8) and CVE-2024-23109 (CVSS 9.8): unauthenticated code execution via crafted API requests vulnerabilities impacting Fortinet FortiSIEM.
CVE-2024-22024 (CVSS 8.3): authenticated bypass impacting Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateway.