Fortinet has released updates addressing a critical vulnerability (CVE-2024-21762) in FortiOS. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.6 out of 10. The vulnerability is potentially being actively exploited.
Successful exploitation of this out-of-bounds write vulnerability in FortiOS could allow an unauthenticated attacker to perform remote code execution via maliciously crafted requests.
The vulnerability affects the following product versions:
- FortiOS 7.4.0 through 7.4.2
- FortiOS 7.2.0 through 7.2.6
- FortiOS 7.0.0 through 7.0.13
- FortiOS 6.4.0 through 6.4.14
- FortiOS 6.2.0 through 6.2.15
- FortiOS 6.0 all versions
Users and administrators of affected product versions are advised to update to the latest version immediately.
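An added example, not part of the advisory or any Fortinet tooling: a Python triage check that flags inventory entries whose FortiOS version falls within the affected ranges listed above. The hostnames, version strings and function names are constructed for illustration.

```python
import re

# Affected ranges exactly as listed in this advisory: (low, high), inclusive.
AFFECTED = [
    ((7, 4, 0), (7, 4, 2)),
    ((7, 2, 0), (7, 2, 6)),
    ((7, 0, 0), (7, 0, 13)),
    ((6, 4, 0), (6, 4, 14)),
    ((6, 2, 0), (6, 2, 15)),
]
AFFECTED_ALL_PATCHES = [(6, 0)]  # "FortiOS 6.0 all versions"

# Exactly three dotted numbers, so a four-part value such as an IP is rejected.
_VERSION_RE = re.compile(r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Return (major, minor, patch) from a string such as 'v7.4.2,build0000', else None."""
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(version_text):
    """Return 'affected', 'not-listed' (outside the advisory's ranges) or 'unparsed'."""
    v = parse_version(version_text)
    if v is None:
        return "unparsed"  # needs manual review; never treated as safe
    if v[:2] in AFFECTED_ALL_PATCHES or any(lo <= v <= hi for lo, hi in AFFECTED):
        return "affected"
    return "not-listed"

def triage(inventory):
    """Group hostnames from a {hostname: version string} mapping by status."""
    report = {"affected": [], "not-listed": [], "unparsed": []}
    for host, version_text in inventory.items():
        report[classify(version_text)].append(host)
    return report

# Constructed sample inventory (hostnames, versions and build tags are made up).
SAMPLE = {
    "fw-edge-01": "v7.4.2,build0000",
    "fw-edge-02": "7.4.3",
    "fw-branch-07": "v6.0.18",
    "fw-lab-03": "7.0.13",
    "fw-dc-01": "7.0.14",
    "fw-old-09": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:10} {', '.join(sorted(hosts)) or '-'}")
```

A "not-listed" result only means the version is outside the ranges this advisory names; "unparsed" entries need manual review.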
More information is available here:
https://www.fortiguard.com/psirt/FG-IR-24-015
https://www.bleepingcomputer.com/news/security/new-fortinet-rce-flaw-in-ssl-vpn-likely-exploited-in-attacks/