Approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows code execution without authentication.
CISA confirmed active exploitation of a critical remote code execution (RCE) bug in Fortinet’s FortiOS, urging immediate security updates or SSL VPN disabling to mitigate the risk.
The vulnerability affects various versions of FortiOS, and the recommended solution includes upgrading to specific versions or migrating to a fixed release to address the flaw.
Feb 09, 2024NewsroomZero Day Vulnerability / Network Security Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands. “A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a […]
Fortinet has released patches for a high-severity cross-site scripting (XSS) vulnerability impacting multiple FortiOS and FortiProxy versions. Tracked as CVE-2023-29183 (CVSS score of 7.3), the security defect is described as an “improper neutralization of input during web page generation”. Successful exploitation of the bug, Fortinet explains in an advisory, may allow an authenticated attacker to […]