Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild.
The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands.
“A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests,” the company said in a bulletin released Thursday.
It further acknowledged that the issue is “potentially being exploited in the wild,” without giving additional specifics about how it’s being weaponized and by whom.
…