Feb. 8, 2024, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

A out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.
Workaround : disable SSL VPN (disable webmode is NOT a valid workaround)
Note: This is potentially being exploited in the wild.

arbitrary code attacker code command cwe exploited fortios http http requests may out-of-bounds out-of-bounds write requests ssl ssl vpn unauthenticated valid vpn vulnerability workaround

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

Senior Director, Artificial Intelligence & Machine Learning and Data Management

@ General Dynamics Information Technology | USA VA Falls Church - 3150 Fairview Park Dr (VAS095)

Test Engineer - Remote

@ General Dynamics Information Technology | USA VA Home Office (VAHOME)

Senior Principal Oracle Database Administrator

@ Everfox | Home Office - USA - Maryland

Director, Early Career and University Relations

@ Proofpoint | Texas

Enterprise Account Manager

@ Proofpoint | Geneva, Switzerland - Remote