[[{“value”:”
Fortinet has issued a warning regarding a critical out-of-bounds write vulnerability in FortiOS.
Remote attackers can exploit this vulnerability to execute arbitrary code, posing a significant security threat.
A vulnerability known as CVE-2024-21762 (with a CVSSv3 Score of 9.6) can be taken advantage of through a specific type of HTTP request. This vulnerability enables an attacker to execute code or commands using custom-crafted requests.
Fortinet has suggested disabling SSL VPN VPN VPNs as a workaround to address the security vulnerability affecting SSL VPN web portals. It is important to note that disabling web mode alone is not a valid workaround.
Document
Protect Your Network From Data Breach
Perimeter’s 81 Malware Protection for Network Based Threats
Prevent malware from infecting your network at the delivery stage by intercepting malicious files in transit from their source to the target device’s web browser.
.
Following are the Versions Affected
Version AffectedSolutionFortiOS 7.6 Not affectedNot ApplicableFortiOS 7.47.4.0 through 7.4.2Upgrade to 7.4.3 or aboveFortiOS 7.27.2.0 through 7.2.6Upgrade to 7.2.7 or aboveFortiOS 7.07.0.0 through 7.0.13Upgrade to 7.0.14 or aboveFortiOS 6.46.4.0 through 6.4.14Upgrade to 6.4.15 or aboveFortiOS 6.26.2.0 through 6.2.15Upgrade to 6.2.16 or aboveFortiOS 6.06.0 all versionsMigrate to a fixed release
Fortinet has warned that hackers are actively exploiting the vulnerability in question. Significantly, the exploitation is not limited to theoretical attacks but occurs in real-world scenarios.
FortiSIEM recently addressed several OS command injection vulnerabilities, namely CVE-2024-23108 and CVE-2024-23109, prompting an advisory release.
According to the latest reports, Chinese state-sponsored hackers recently took advantage of a zero-day vulnerability (CVE-2022-42475) in Fortinet’s virtual private network to gain unauthorized access to the Dutch defense networks.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post Fortinet Warns of Critical SSL VPN Flaw Exploited Actively in the Wild appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
