Fortinet warns about a new critical vulnerability in FortiOS SSL VPN that could be used in attacks. The flaw, known as CVE-2024-21762 / FG-IR-24-015, has a severity rating of 9.6.
It is an out-of-bounds write vulnerability in FortiOS. This vulnerability enables unauthenticated attackers to execute remote code by using malicious requests.
Russia's media censor, Roskomnadzor, has blocked thousands of local websites using Cloudflare's encryption feature that enhances online privacy and security....
Cisco has fixed a critical vulnerability, CVE-2024-20418, that allowed unauthenticated remote attackers to gain root access on Ultra-Reliable Wireless Backhaul...
Upgrade to the latest version indicated in the following table to fix the bug, as recommended by Fortinet:
To protect against the vulnerability, disable SSL VPN on your FortiOS devices.
This flaw was disclosed today along with CVE-2024-23113 (Critical/9.8 rating), CVE-2023-44487 (Medium), and CVE-2023-47537 (Medium). However, these flaws are not marked as being exploited in the wild.