Over 133,000 Fortinet appliances are still vulnerable to a critical flaw — here’s why you need to patch now
Tens of thousands of Fortinet customers are still yet to patch vulnerable appliances


More than 133,000 Fortinet appliances are still vulnerable to a critical bug disclosed in February 2024 affecting its FortiGate product, analysis shows.
Figures from Shadowserver show that despite calls for customers to patch CVE-2024-21762 when it was disclosed last month, more than 133,000 devices exposed to the public internet remain vulnerable.
Given a 9.6 CVSS score, the out-of-bounds write vulnerability affects the SSL VPN component for the FortiGate network appliance, and can allow an attacker to execute arbitrary code or commands via a specially crafted HTTP request.
CVE-2024-21762 was one of a number of critical vulnerabilities affecting Fortinet products disclosed in February during what was a particularly turbulent week for the security giant.
The number of Fortinet appliances vulnerable to CVE-2024-21762 was listed at 150,000 just ten days ago on 7 March, with Shadowserver’s most recent figures demonstrating that while customers are patching, they are not doing so quickly enough.
Almost 55,000 vulnerable devices were located in Asia, making up the lion’s share of those still exploitable via the flaw. North America and Europe were the other two regions with significant portions of vulnerable Fortinet appliances at 35,000 and 28,000 respectively.
Fortinet has advised customers that simply disabling webmode within FortiOS and FortiProxy is not a valid workaround, and that organizations running affected versions should disable SSL VPN.
Fortinet has had a difficult 2024 so far
CVE-2024-21762 was at the forefront of a difficult week for the security company in February, which saw a number of critical vulnerabilities disclosed along with a media storm concerning IoT-enabled toothbrushes.
Fortinet was first broadsided by a story warning of the potential for attackers to use IoT-enabled toothbrushes injected with malware to form a 3 million-strong botnet that could be used to carry out DDoS attacks.
Although disputed by Fortinet, a war of words ensued between the company and the Swiss newspaper in which the initial claim was published, creating a PR disaster for Fortinet that wasn’t helped by the disclosure of three critical vulnerabilities, including CVE-2024-21762.
Analysis from attack surface management platform Assetnote noted that FortiGate is widely deployed among organizations across the world, so a pre-auth RCE vulnerability such as CVE-2024-21762 could have significant consequences.
Researchers at Assetnote said they found little in terms of information around indicators of compromise (IOCs) for CVE-2024-21762, but suggested keeping an eye out for any new Node.js processes could be beneficial considering this is not the first FortiGate exploit using this technique.
The firm also added that this is far from a novel class of security vulnerability, being another instance of a network appliance with serious memory corruption problems, and noted that it is once again up to admins to ensure they apply mitigations as and when they are provided.
“As is often the case with these issues the mitigations are known, it's just whether or not they are applied.”
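Assetnote's suggestion above, watching for new Node.js processes on an appliance, can be turned into a simple baseline comparison. The script below is an added example written for this article; it is not code from Assetnote, Fortinet or ITPro. It assumes the defender can export a process listing from the appliance in some form; the three-column "pid name cmdline" text it parses is a constructed, simplified format, not real FortiOS output, and every process name and path in the sample snapshots is made up.

```python
"""Flag Node.js processes that appear on an appliance after a baseline snapshot.

Added example. The listing format ('pid name cmdline...') and the sample
snapshots are constructed for illustration and do not reflect real FortiOS output.
"""

from dataclasses import dataclass

# Binary names treated as Node.js interpreters (assumption: adjust to your platform).
NODE_NAMES = {"node", "nodejs"}


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    cmdline: str


def parse_listing(text: str) -> list[Proc]:
    """Parse 'pid name cmdline...' lines; blank lines and '#' comments are skipped."""
    procs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, name, *rest = line.split(maxsplit=2)
        procs.append(Proc(int(pid), name, rest[0] if rest else ""))
    return procs


def is_node(proc: Proc) -> bool:
    """True if the process name or the first command-line token is a Node.js binary."""
    first = proc.cmdline.split()[0].rsplit("/", 1)[-1] if proc.cmdline else ""
    return proc.name in NODE_NAMES or first in NODE_NAMES


def new_node_processes(baseline: list[Proc], current: list[Proc]) -> list[Proc]:
    """Return Node.js processes in `current` whose (name, cmdline) was absent at baseline.

    Keying on name and command line rather than PID means a restart of a known
    service is not reported, while a node process launched with an unfamiliar
    script or argument is.
    """
    known = {(p.name, p.cmdline) for p in baseline}
    return [p for p in current if is_node(p) and (p.name, p.cmdline) not in known]


# Constructed sample snapshots (not real appliance data).
BASELINE = """
# snapshot taken at a known-good point in time
1 init /sbin/init
842 httpsd /bin/httpsd
910 node /bin/node /usr/share/app/server.js
"""

CURRENT = """
1 init /sbin/init
842 httpsd /bin/httpsd
1203 node /bin/node /usr/share/app/server.js
2317 node /bin/node /tmp/svc.js
2320 sh /bin/sh
"""


def report() -> list[str]:
    """Compare the constructed snapshots and describe each newly seen Node.js process."""
    hits = new_node_processes(parse_listing(BASELINE), parse_listing(CURRENT))
    return [f"new node process pid={p.pid}: {p.cmdline}" for p in hits]


if __name__ == "__main__":
    for line in report() or ["no new node processes"]:
        print(line)
```

In the sample, the known server.js process has merely restarted under a new PID and is ignored, while the node process running an unfamiliar script is reported. In practice the baseline should be captured immediately after patching and re-captured whenever a legitimate change is made, otherwise every maintenance window produces false alerts.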

Solomon Klappholz is a former staff writer for ITPro and ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in cybersecurity, IT regulation, industrial infrastructure applications, and machine learning.