Fortinet Warns of Critical SSL VPN Flaw Exploited Actively in the Wild
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Fortinet has issued a warning regarding a critical out-of-bounds write vulnerability in FortiOS.
Remote attackers can exploit this vulnerability to execute arbitrary code, posing a significant security threat.
A vulnerability known as CVE-2024-21762 (with a CVSSv3 Score of 9.6) can be taken advantage of through a specific type of HTTP request. This vulnerability enables an attacker to execute code or commands using custom-crafted requests.
Fortinet has suggested disabling SSL VPN as a workaround to address the security vulnerability affecting SSL VPN web portals. It is important to note that disabling web mode alone is not a valid workaround.
📁🄳🄾🄲🅄🄼🄴🄽🅃
Following are the Versions Affected
Version Affected Solution FortiOS 7.6 Not affectedNot ApplicableFortiOS 7.47.4.0 through 7.4.2Upgrade to 7.4.3 or aboveFortiOS 7.27.2.0 through 7.2.6Upgrade to 7.2.7 or aboveFortiOS 7.07.0.0 through 7.0.13Upgrade to 7.0.14 or aboveFortiOS 6.46.4.0 through 6.4.14Upgrade to 6.4.15 or aboveFortiOS 6.26.2.0 through 6.2.15Upgrade to 6.2.16 or aboveFortiOS 6.06.0 all versionsMigrate to a fixed release
Fortinet has warned that hackers are actively exploiting the vulnerability in question. Significantly, the exploitation is not limited to theoretical attacks but occurs in real-world scenarios.
FortiSIEM recently addressed several OS command injection vulnerabilities, namely CVE-2024-23108 and CVE-2024-23109, prompting an advisory release.
According to the latest reports, Chinese state-sponsored hackers recently took advantage of a zero-day vulnerability (CVE-2022-42475) in Fortinet’s virtual private network to gain unauthorized access to the Dutch defense networks.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #fortinet_SSL_VPN_Flaw #vulnerability
Оригинальная версия на сайте:
Fortinet Warns of Critical SSL VPN Flaw Exploited Actively in the Wild
Author: GuruFortinet has issued a warning regarding a critical out-of-bounds write vulnerability in FortiOS.
Remote attackers can exploit this vulnerability to execute arbitrary code, posing a significant security threat.
A vulnerability known as CVE-2024-21762 (with a CVSSv3 Score of 9.6) can be taken advantage of through a specific type of HTTP request. This vulnerability enables an attacker to execute code or commands using custom-crafted requests.
Fortinet has suggested disabling SSL VPN as a workaround to address the security vulnerability affecting SSL VPN web portals. It is important to note that disabling web mode alone is not a valid workaround.
📁🄳🄾🄲🅄🄼🄴🄽🅃
Following are the Versions Affected
Version Affected Solution FortiOS 7.6 Not affectedNot ApplicableFortiOS 7.47.4.0 through 7.4.2Upgrade to 7.4.3 or aboveFortiOS 7.27.2.0 through 7.2.6Upgrade to 7.2.7 or aboveFortiOS 7.07.0.0 through 7.0.13Upgrade to 7.0.14 or aboveFortiOS 6.46.4.0 through 6.4.14Upgrade to 6.4.15 or aboveFortiOS 6.26.2.0 through 6.2.15Upgrade to 6.2.16 or aboveFortiOS 6.06.0 all versionsMigrate to a fixed release
Fortinet has warned that hackers are actively exploiting the vulnerability in question. Significantly, the exploitation is not limited to theoretical attacks but occurs in real-world scenarios.
FortiSIEM recently addressed several OS command injection vulnerabilities, namely CVE-2024-23108 and CVE-2024-23109, prompting an advisory release.
According to the latest reports, Chinese state-sponsored hackers recently took advantage of a zero-day vulnerability (CVE-2022-42475) in Fortinet’s virtual private network to gain unauthorized access to the Dutch defense networks.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #fortinet_SSL_VPN_Flaw #vulnerability
Оригинальная версия на сайте:
