Fortinet FortiOS SSL VPN Out-of-Bounds Write [CVE-2024-21762]

Ingrid

Two vulnerabilities in FortiOS (CVE-2024-21762 and CVE-2024-23113) can potentially lead to arbitrary code execution. Updates are available to remediate these vulnerabilities in affected FortiOS products. Previous workarounds, such as disabling web mode, do not mitigate CVE-2024-21762.

Affected products include:

- FortiOS versions before 7.6
- FortiOS 7.4 versions up to and including 7.4.2
- FortiProxy 1.0 through 7.4.2

Severity

Fortinet is the reporting CVE Numbering Authority (CNA) and has scored the vulnerability CVSS v3.1 9.8 (Critical). We are awaiting NVD's assessment of the vulnerability.

What To Do

See Fortinet's recommendations for updating your system. Workarounds are available for CVE-2024-23113, though they may degrade functionality.

Resources

- Bleeping Computer LLC, "New Fortinet RCE flaw in SSL VPN likely exploited in attacks"
- Fortinet, "FortiOS - Out-of-bound Write in sslvpnd"
- The Hacker News, "Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation"
- National Vulnerability Database, "CVE-2024-21762 Detail"
- Tenable Blog, "CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability"

February 9, 2024: Published.