- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
Fortinet Warns of Critical SSL VPN Flaw Exploited Actively in the WildAuthor: Guru
Fortinet has issued a warning regarding a critical out-of-bounds write vulnerability in FortiOS.
Remote attackers can exploit this vulnerability to execute arbitrary code, posing a significant security threat.
A vulnerability known as CVE-2024-21762 (with a CVSSv3 Score of 9.6) can be taken advantage of through a specific type of HTTP request. This vulnerability enables an attacker to execute code or commands using custom-crafted requests.
Fortinet has suggested disabling SSL VPN as a workaround to address the security vulnerability affecting SSL VPN web portals. It is important to note that disabling web mode alone is not a valid workaround.
Following are the Versions Affected
Version Affected Solution FortiOS 7.6 Not affectedNot ApplicableFortiOS 184.108.40.206 through 7.4.2Upgrade to 7.4.3 or aboveFortiOS 220.127.116.11 through 7.2.6Upgrade to 7.2.7 or aboveFortiOS 7.07.0.0 through 7.0.13Upgrade to 7.0.14 or aboveFortiOS 18.104.22.168 through 6.4.14Upgrade to 6.4.15 or aboveFortiOS 22.214.171.124 through 6.2.15Upgrade to 6.2.16 or aboveFortiOS 6.06.0 all versionsMigrate to a fixed release
Fortinet has warned that hackers are actively exploiting the vulnerability in question. Significantly, the exploitation is not limited to theoretical attacks but occurs in real-world scenarios.
FortiSIEM recently addressed several OS command injection vulnerabilities, namely CVE-2024-23108 and CVE-2024-23109, prompting an advisory release.
According to the latest reports, Chinese state-sponsored hackers recently took advantage of a zero-day vulnerability (CVE-2022-42475) in Fortinet’s virtual private network to gain unauthorized access to the Dutch defense networks.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #fortinet_SSL_VPN_Flaw #vulnerability
Оригинальная версия на сайте: