topic Re: New Fortinet RCE flaw in SSL VPN likely exploited in attacks in Threats https://community.isc2.org/t5/Threats/New-Fortinet-RCE-flaw-in-SSL-VPN-likely-exploited-in-attacks/m-p/67111#M1073 Ouch.<BR /><BR />Big issue with these admittedly impressive multi-function god boxes is that it gets harder to cover everything. RCE is a real oversight. Sat, 10 Feb 2024 11:59:35 GMT Early_Adopter 2024-02-10T11:59:35Z New Fortinet RCE flaw in SSL VPN likely exploited in attacks https://community.isc2.org/t5/Threats/New-Fortinet-RCE-flaw-in-SSL-VPN-likely-exploited-in-attacks/m-p/67108#M1071 <P>Dear all,</P><P>&nbsp;</P><P>Fortinet is warning that a new critical remote code execution vulnerability in FortiOS&nbsp;SSL VPN is potentially being exploited in attacks.</P><P>The flaw (tracked as CVE-2024-21762&nbsp;/&nbsp;<A href="https://www.fortiguard.com/psirt/FG-IR-24-015" target="_blank" rel="nofollow noopener">FG-IR-24-015</A>) received a 9.6 severity rating and is an out-of-bounds write vulnerability in FortiOS&nbsp;that allows&nbsp;unauthenticated attackers to gain remote code execution (RCE) via maliciously crafted requests.</P><P>&nbsp;</P><P><A href="https://www.bleepingcomputer.com/news/security/new-fortinet-rce-flaw-in-ssl-vpn-likely-exploited-in-attacks/" target="_blank">New Fortinet RCE flaw in SSL VPN likely exploited in attacks (bleepingcomputer.com)</A></P><P>&nbsp;</P><P>&nbsp;</P> Sat, 10 Feb 2024 09:20:49 GMT https://community.isc2.org/t5/Threats/New-Fortinet-RCE-flaw-in-SSL-VPN-likely-exploited-in-attacks/m-p/67108#M1071 Kyaw_Myo_Oo 2024-02-10T09:20:49Z Re: New Fortinet RCE flaw in SSL VPN likely exploited in attacks https://community.isc2.org/t5/Threats/New-Fortinet-RCE-flaw-in-SSL-VPN-likely-exploited-in-attacks/m-p/67111#M1073 Ouch.<BR /><BR />Big issue with these admittedly impressive multi-function god boxes is that it gets harder to cover everything. RCE is a real oversight. Sat, 10 Feb 2024 11:59:35 GMT https://community.isc2.org/t5/Threats/New-Fortinet-RCE-flaw-in-SSL-VPN-likely-exploited-in-attacks/m-p/67111#M1073 Early_Adopter 2024-02-10T11:59:35Z Re: New Fortinet RCE flaw in SSL VPN likely exploited in attacks https://community.isc2.org/t5/Threats/New-Fortinet-RCE-flaw-in-SSL-VPN-likely-exploited-in-attacks/m-p/67114#M1074 <P>Thanks for sharing your thoughts and views&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/797288093">@Early_Adopter</a>&nbsp;.</P><P>&nbsp;</P><P>&nbsp;</P> Sat, 10 Feb 2024 15:02:16 GMT https://community.isc2.org/t5/Threats/New-Fortinet-RCE-flaw-in-SSL-VPN-likely-exploited-in-attacks/m-p/67114#M1074 Kyaw_Myo_Oo 2024-02-10T15:02:16Z