cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Kyaw_Myo_Oo
Contributor II

New Fortinet RCE flaw in SSL VPN likely exploited in attacks

Dear all,

 

Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks.

The flaw (tracked as CVE-2024-21762 / FG-IR-24-015) received a 9.6 severity rating and is an out-of-bounds write vulnerability in FortiOS that allows unauthenticated attackers to gain remote code execution (RCE) via maliciously crafted requests.

 

New Fortinet RCE flaw in SSL VPN likely exploited in attacks (bleepingcomputer.com)

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSE | CISSP | PMP
2 Replies
Early_Adopter
Community Champion

Ouch.

Big issue with these admittedly impressive multi-function god boxes is that it gets harder to cover everything. RCE is a real oversight.
Kyaw_Myo_Oo
Contributor II

Thanks for sharing your thoughts and views @Early_Adopter .

 

 

Kyaw Myo Oo
Manager , CB BANK PCL
CCIE #58769 | PCNSE | CCSE | CISSP | PMP