all InfoSec news
CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability
Cyber Exposure Alerts www.tenable.com
Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. critical infrastructure through exploitation of known vulnerabilities
Background
On February 8, Fortinet published an advisory (FG-IR-24-015) to address a critical flaw in FortiOS, its network operating system.
CVEDescriptionCVSSv3SeverityCVE-2024-21762Fortinet FortiOS Out-of-bound Write Vulnerability in sslvpnd9.6CriticalAdditionally, Fortinet patched three other vulnerabilities in FortiOS and FortiProxy, including a fix for the HTTP/2 …
address advisory chinese critical critical flaw critical infrastructure cve exploitation exploited february flaw fortinet fortinet fortios fortios government government agencies infrastructure network operating system positioning sponsored ssl ssl vpn state system threat threat actors vpn vulnerability