Security News > 2024 > February > Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation
2024-02-09 07:45
Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands. "A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially
News URL
https://thehackernews.com/2024/02/fortinet-warns-of-critical-fortios-ssl.html
Related news
- Critical Fortinet flaw may impact 150,000 exposed devices (source)
- Fortinet warns of critical RCE bug in endpoint management software (source)
- More than 133,000 Fortinet appliances still vulnerable to month-old critical bug (source)
- CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products (source)
- Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-09 | CVE-2024-21762 | Out-of-bounds Write vulnerability in Fortinet Fortios A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests | 9.8 |