Cyber Security News

Fortinet Warns of Critical SSL VPN Flaw Exploited Actively in the Wild

by Esmeralda McKenzie
written by Esmeralda McKenzie
Fortinet Warns of Critical SSL VPN Flaw Exploited Actively in the Wild

Fortinet Warns of Critical SSL VPN Flaw Exploited Actively in the Wild

Fortinet Warns of Crucial SSL VPN Flaw Exploited Actively in the Wild

Fortinet has issued a warning with regards to a extreme out-of-bounds write vulnerability in FortiOS.

A long way-off attackers can exploit this vulnerability to realize arbitrary code, posing a fundamental security menace.

A vulnerability identified as CVE-2024-21762 (with a CVSSv3 Receive of 9.6) may perhaps well moreover perchance be taken good thing about through a particular form of HTTP quiz. This vulnerability enables an attacker to realize code or instructions the consume of custom-made-crafted requests.

Fortinet has urged disabling SSL VPN as a workaround to handle the security vulnerability affecting SSL VPN web portals. It’s a necessity to pronounce that disabling web mode on my own just is not very a sound workaround.

Doc

Provide protection to Your Community From Recordsdata Breach

Perimeter’s 81 Malware Security for Community Essentially based Threats

Cease malware from infecting your network at the supply stage by intercepting malicious files in transit from their source to the target machine’s web browser. .

Following are the Versions Affected

Version Affected Solution
FortiOS 7.6 No longer affected No longer Relevant
FortiOS 7.4 7.4.0 through 7.4.2 Upgrade to 7.4.3 or above
FortiOS 7.2 7.2.0 through 7.2.6 Upgrade to 7.2.7 or above
FortiOS 7.0 7.0.0 through 7.0.13 Upgrade to 7.0.14 or above
FortiOS 6.4 6.4.0 through 6.4.14 Upgrade to 6.4.15 or above
FortiOS 6.2 6.2.0 through 6.2.15 Upgrade to 6.2.16 or above
FortiOS 6.0 6.0 all versions Migrate to a difficult and speedy birth

Fortinet has warned that hackers are actively exploiting the vulnerability in search info from. Greatly, the exploitation just is not very restricted to theoretical assaults but happens in proper-world scenarios.

FortiSIEM not too long ago addressed several OS uncover injection vulnerabilities, particularly CVE-2024-23108 and CVE-2024-23109, prompting an advisory birth.

In step with the most up-to-date stories, Chinese narrate-subsidized hackers not too long ago took good thing about a 0-day vulnerability (CVE-2022-42475) in Fortinet’s digital interior most network to make unauthorized score real of entry to to the Dutch protection networks.

Source credit : cybersecuritynews.com

Related Posts

Google Chrome 127 Released With Fix for Vulnerabilities...

CrowdStrike Details Incident Affected Millions of Windows Systems...

IPFire Unveils New Feature to Protect Systems from...

Play Ransomware Variant Attacking Linux ESXi Servers

Google Researchers Detailed Tools Used by APT41 Hacker...

Threat Actors Hijacking Facebook Accounts With Password Stealing...

Weekly Cyber Security News Letter – Data Breaches,...

CrowdStrike Releases Fix for Updates Causing Windows to...

Cisco Smart Software Manager Flaw Let Attackers Change...

Killer Ultra Malware Attacking EDR Tools From Symantec,...