Feb. 9, 2024, 6:15 p.m. | Satnam Narang

Cyber Exposure Alerts www.tenable.com

Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. critical infrastructure through exploitation of known vulnerabilities

Background

On February 8, Fortinet published an advisory (FG-IR-24-015) to address a critical flaw in FortiOS, its network operating system.

CVEDescriptionCVSSv3SeverityCVE-2024-21762Fortinet FortiOS Out-of-bound Write Vulnerability in sslvpnd9.6Critical

Additionally, Fortinet patched three other vulnerabilities in FortiOS and FortiProxy, including a fix for the HTTP/2 …

address advisory chinese critical critical flaw critical infrastructure cve exploitation exploited february flaw fortinet fortinet fortios fortios government government agencies infrastructure network operating system positioning sponsored ssl ssl vpn state system threat threat actors vpn vulnerability

More from www.tenable.com / Cyber Exposure Alerts

Deputy Chief Information Security Officer

@ United States Holocaust Memorial Museum | Washington, DC

Humbly Confident Security Lead

@ YNAB | Remote

Information Technology Specialist II: Information Security Engineer

@ WBCP, Inc. | Pasadena, CA.

Head of Incident Response

@ Halcyon | Remote

Consultant Sénior Cyber Sécurité H/F

@ Hifield | Lyon, France

Staff Application Security Engineer (AppSec) - Open to remote across ANZ

@ Canva | Sydney, Australia