Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Critical Vulnerability in FortiOS
Alerts

Active Exploitation of Critical Vulnerability in FortiOS

9 February 2024

Fortinet has released updates addressing a critical vulnerability (CVE-2024-21762) in FortiOS. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.6 out of 10. The vulnerability is potentially being actively exploited.

Successful exploitation of this out-of-bounds write vulnerability in FortiOS could allow an unauthenticated attacker to perform remote code execution via maliciously crafted requests.

The vulnerability affects the following product versions:

  • FortiOS 7.4.0 through 7.4.2

  • FortiOS 7.2.0 through 7.2.6

  • FortiOS 7.0.0 through 7.0.13

  • FortiOS 6.4.0 through 6.4.14

  • FortiOS 6.2.0 through 6.2.15

  • FortiOS 6.0 all versions

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:

https://www.fortiguard.com/psirt/FG-IR-24-015

https://www.bleepingcomputer.com/news/security/new-fortinet-rce-flaw-in-ssl-vpn-likely-exploited-in-attacks/