Fortinet warns of critical actively exploited RCE flaw in FortiOS SSL VPN

published: Feb. 9, 2024

Take action: If you are using SSL VPN on Fortinet FortiOS, start patching immediately. If you can't patch, at least disable the VPN and use an alternative one. You can't protect this system with a firewall, since it's very function is to be accessible on the internet


Learn More

Fortinet has issued a warning about a new critical vulnerability in its FortiOS SSL VPN that could be under active exploitation by attackers.

This vulnerability, tracked as CVE-2024-21762 (CVSS score 9.6) is as an out-of-bounds write flaw that allows unauthenticated attackers to execute remote code (RCE) through specially crafted requests.

Fortinet has provided a detailed guide for updating affected FortiOS versions to secure ones. The following versions are impacted, along with the recommended updates:

- FortiOS 7.6: Not affected.
- FortiOS 7.4: Versions 7.4.0 through 7.4.2 should be upgraded to 7.4.3 or higher.
- FortiOS 7.2: Versions 7.2.0 through 7.2.6 should be upgraded to 7.2.7 or higher.
- FortiOS 7.0: Versions 7.0.0 through 7.0.13 should be upgraded to 7.0.14 or higher.
- FortiOS 6.4: Versions 6.4.0 through 6.4.14 should be upgraded to 6.4.15 or higher.
- FortiOS 6.2: Versions 6.2.0 through 6.2.15 should be upgraded to 6.2.16 or higher.
- FortiOS 6.0: All versions are advised to migrate to a fixed release.

For organizations unable to immediately apply these patches, Fortinet suggests disabling SSL VPN on the affected FortiOS devices as a temporary mitigation measure.

The advisory lacks specific details on the methods of exploitation or the identity of the discoverer of the vulnerability. Alongside CVE-2024-21762, Fortinet also disclosed other vulnerabilities, including a critically rated CVE-2024-23113 (9.8), and two medium-severity flaws, CVE-2023-44487 and CVE-2023-47537, though these are not currently believed to be exploited in the wild.

Fortinet's vulnerabilities are often targeted by threat actors, including state-sponsored groups, for ransomware campaigns and cyber espionage activities.

Fortinet warns of critical actively exploited RCE flaw in FortiOS SSL VPN