Customer portal
Flash Alert

Flash Alert – Significant vulnerability in FortiOS

CVE-2024-21762
CVSS: 9.8 CRITICAL

Fortinet has disclosed a significant vulnerability in FortiOS, their network operating system. 

An out-of-bounds write issue is present in multiple versions of the product, potentially allowing any threat actor to remotely execute code and commands without authorisation, by utilising specifically crafted HTTP requests.

The vulnerability impacts the following:

Fortinet FortiOS versions
7.4.0 through 7.4.2
7.2.0 through 7.2.6
7.0.0 through 7.0.13
6.4.0 through 6.4.14
6.2.0 through 6.2.15
6.0.0 through 6.0.17
FortiProxy versions
7.4.0 through 7.4.2
7.2.0 through 7.2.8
7.0.0 through 7.0.14
2.0.0 through 2.0.13
1.2.0 through 1.2.13
1.1.0 through 1.1.6
1.0.0 through 1.0.7

Fortinet has detailed a workaround; disabling SSL VPN, and has provided guidance on ensuring that any affected products are updated. They have further disclosed their belief that this vulnerability is being exploited in the wild. 

This comes soon after the discovery of Chinese APT VOLT TYPHOON actively targeting FortiOS to deploy their custom malware COATHANGER, including against the Dutch Ministry of Defence.

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound