Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation

By neub9
1 Min Read

Feb 09, 2024


Zero Day Vulnerability / Network Security

Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild.

The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands.

“A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests,” the company said in a bulletin released Thursday.

It further acknowledged that the issue is “potentially being exploited in the wild,” without giving additional specifics about how it’s being weaponized and by whom.

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *