Fortinet Patches Code Execution Vulnerability in FortiOS

June 12, 2024 at 12:45PM Fortinet has released patches for multiple vulnerabilities in FortiOS, including stack-based buffer overflow flaws leading to unauthorized code execution. The most severe issue, CVE-2024-23110, impacts FortiOS 6.x and 7.x. Other vulnerabilities include CVE-2024-26010, CVE-2023-46720, and CVE-2024-3661. Customers are advised to upgrade to fixed releases to mitigate potential exploitation. Based on … Read more

Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks

March 11, 2024 at 10:03AM Fortinet recently patched a critical vulnerability in FortiOS, warning of potential exploitation. Tracked as CVE-2024-21762, the flaw can result in out-of-bounds write issues, allowing remote attackers to execute arbitrary code. While CISA added it to the Known Exploited Vulnerabilities Catalog, there are no reports of mass attacks or confirmed exploitation. … Read more

Critical Fortinet flaw may impact 150,000 exposed devices

March 8, 2024 at 03:42PM Around 150,000 Fortinet FortiOS and FortiProxy systems worldwide are vulnerable to CVE-2024-21762, enabling code execution without authentication. The Cyber Defense Agency confirmed active exploitation of the flaw, with the majority of vulnerable devices in the United States. Fortunately, a simple Python script is available to check for vulnerability. It looks … Read more