RCEs in FortiOS SSL VPN, ‘shim’; Latest Ivanti Flaw Possibly Exploited (CVE-2024-21762, CVE-2023-40547, CVE-2024-22024)
Malware Analysis, News and Indicators - Latest topics malware.news
Fortinet has revealed a new critical Remote Code Execution (RCE) vulnerability in FortiOS SSL VPN, cautioning about potential exploitation in ongoing attacks.
Tracked as CVE-2024-21762 (CVSS: 9.6), the critical vulnerability is an out-of-bounds write issue in FortiOS. It enables unauthenticated attackers to achieve remote code execution through maliciously crafted requests.
SOCRadar Vulnerability Card for CVE-2024-21762
The affected FortiOS versions include:
- FortiOS 7.6
- FortiOS 7.4
- FortiOS 7.2
- FortiOS 7.0
- FortiOS 6.4
- FortiOS 6.2
- FortiOS 6.0
Fortinet advises upgrading to the latest versions …