Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation

Fortinet, a global leader in broad, integrated, and automated cybersecurity solutions, has issued a warning about a critical vulnerability in its FortiOS SSL VPN, likely already under active exploitation. The flaw, identified as CVE-2024-21762 with a CVSS score of 9.6, permits the execution of arbitrary code and commands. Referred to as an out-of-bounds write vulnerability [CWE-787], it may allow a remote, unauthenticated attacker to execute arbitrary code or command using specially crafted requests. This disclosure demonstrates the ongoing threat that cyber vulnerabilities pose to global cyber infrastructure.

Published: Fri, 09 Feb 2024 11:06:00 +0530