Fortinet on Thursday announced patches for a critical remote code execution vulnerability in FortiOS that may have been exploited in the wild.
The security hole, tracked as CVE-2024-21762, impacts FortiOS versions 6.0, 6.2, 6.4, 7.0, 7.2 and 7.4.
Patches have been released for each impacted version, except for 6.0 - 6.0 users are being advised to migrate to a newer version.
FortiOS 7.6 is not affected by the vulnerability.
As a workaround, users can disable the SSL VPN feature.
Disabling the SSL VPN web mode does not mitigate the vulnerability, Fortinet said.
The vulnerability is described as an out-of-bounds write issue that can be exploited by a remote, unauthenticated attacker for arbitrary code execution using specially crafted HTTP requests.
Fortinet has not shared any information on the attacks potentially exploiting CVE-2024-21762, but the company's advisory came just as it revealed that some customers have yet to patch two older vulnerabilities, CVE-2022-42475 and CVE-2023-27997, which have been exploited in attacks by APTs linked to China and other countries.
The Chinese threat group named Volt Typhoon has been known to target Fortinet devices - in addition to products from Cisco and Netgear - in an effort to ensnare them in a botnet.
Fortinet announced patches for CVE-2024-23113, an internally discovered issue that can be exploited for unauthenticated remote code execution.
This Cyber News was published on www.securityweek.com. Publication date: Fri, 09 Feb 2024 12:13:05 +0000