all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability

Add to bookmarks
Feb. 9, 2024, 6:15 p.m. | Satnam Narang

Cyber Exposure Alerts www.tenable.com

Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. critical infrastructure through exploitation of known vulnerabilities

Background

On February 8, Fortinet published an advisory (FG-IR-24-015) to address a critical flaw in FortiOS, its network operating system.

CVEDescriptionCVSSv3SeverityCVE-2024-21762Fortinet FortiOS Out-of-bound Write Vulnerability in sslvpnd9.6Critical

Additionally, Fortinet patched three other vulnerabilities in FortiOS and FortiProxy, including a fix for the HTTP/2 …

address advisory chinese critical critical flaw critical infrastructure cve exploitation exploited february flaw fortinet fortinet fortios fortios government government agencies infrastructure network operating system positioning sponsored ssl ssl vpn state system threat threat actors vpn vulnerability

Visit resource

More from www.tenable.com / Cyber Exposure Alerts

CVE-2024-4577: Proof of Concept Available for PHP-CGI Argument Injection Vulnerability 2 days, 5 hours ago | www.tenable.com
Rockwell Automation: Disconnect OT Devices with Public-Facing Internet Access, Patch or Mitigate Logix, FactoryTalk CVEs 4 days ago | www.tenable.com
access advisory automation best practices +22
CVE-2024-4358, CVE-2024-1800: Exploit Code Available for Critical Exploit Chain in Progress Telerik Report Server 5 days, 10 hours ago | www.tenable.com
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action … 6 days, 9 hours ago | www.tenable.com
abusing action attention azure +16
CVE-2024-24919: Check Point Security Gateway Information Disclosure Zero-Day Exploited in the Wild 1 week, 4 days ago | www.tenable.com
Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040) 3 weeks, 5 days ago | www.tenable.com
addresses critical critical vulnerability cve +15
CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities 1 month ago | www.tenable.com
big big-ip big-ip next central manager centralized management +18
CVE-2024-20353, CVE-2024-20359: Frequently Asked Questions About ArcaneDoor 1 month, 2 weeks ago | www.tenable.com
adaptive security arcanedoor blog called +15
CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited 1 month, 2 weeks ago | www.tenable.com
advisory april crushftp customers +23

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com