Fortinet FortiOS SSL VPN Out of Bounds Write [CVE-2024-21762]

February 9, 2024
Ingrid

Two vulnerabilities (CVE-2024-21762/CVE-2024-23113) in FortiOS can potentially lead to arbitrary code execution. Updates are available to remediate these vulnerabilities in affected FortiOS products. Previous workarounds such as disabling the web mode do not work with CVE-2024-21762.

These affect multiple versions of Fortinet products, including:

- FortiOS versions before 7.6
- Part of FortiOS version 7.4 and up to/including 7.4.2
- FortiProxy 1.0-7.4.2

See the resource center.

Severity

Fortinet is the reporting CVE Numbering Authority (CNA) and has scored the vulnerability as CVSS v3.1 9.8 (Critical). We are awaiting NVD's assessment of the vulnerability. Learn more about severity.

Status

| Resource | Status |
| Bitsight | Researching detection methods. |
| Fortinet | Upgrade recommended. |
| National Vulnerability Database | Under analysis. |