Fortinet warns about a new critical vulnerability in FortiOS SSL VPN that could be used in attacks. The flaw, known as CVE-2024-21762 / FG-IR-24-015, has a severity rating of 9.6.
It is an out-of-bounds write vulnerability in FortiOS. This vulnerability enables unauthenticated attackers to execute remote code by using malicious requests.
Upgrade to the latest version indicated in the following table to fix the bug, as recommended by Fortinet:
Source: BleepingComputer
To protect against the vulnerability, disable SSL VPN on your FortiOS devices.
This flaw was disclosed today along with CVE-2024-23113 (Critical/9.8 rating), CVE-2023-44487 (Medium), and CVE-2023-47537 (Medium). However, these flaws are not marked as being exploited in the wild.