The U.S. CISA adds a Fortinet FortiOS out-of-bounds write vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Fortinet has warned that the recently discovered critical remote code execution vulnerability in FortiOS SSL VPN, tracked as CVE-2024-21762 (CVSS score 9.6), is actively exploited in attacks in the wild.
The security firm did not provide details about the attacks exploiting this vulnerability.
The issue is an out-of-bounds write vulnerability that can be exploited by sending specially crafted HTTP requests to vulnerable instances. The vendor recommends disabling SSL VPN as a workaround.
CISA orders federal agencies to fix this vulnerability by February 16, 2024.