Active Exploitation of Critical Vulnerability in FortiOS

Published on 09 Feb 2024 | Updated on 09 Feb 2024

Fortinet has released updates addressing a critical vulnerability (CVE-2024-21762) in FortiOS. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.6 out of 10. The vulnerability is potentially being actively exploited.

Successful exploitation of this out-of-bounds write vulnerability in FortiOS could allow an unauthenticated attacker to perform remote code execution via maliciously crafted requests.

The vulnerability affects the following product versions:
  • FortiOS 7.4.0 through 7.4.2
  • FortiOS 7.2.0 through 7.2.6
  • FortiOS 7.0.0 through 7.0.13
  • FortiOS 6.4.0 through 6.4.14
  • FortiOS 6.2.0 through 6.2.15
  • FortiOS 6.0 all versions
Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:
https://www.fortiguard.com/psirt/FG-IR-24-015
https://www.bleepingcomputer.com/news/security/new-fortinet-rce-flaw-in-ssl-vpn-likely-exploited-in-attacks/