Fortinet Warns of New FortiOS Zero-Day

February 9, 2024 at 04:09PM Fortinet has released critical patches for a remote code execution vulnerability, tracked as CVE-2024-21762, in the FortiOS SSL VPN. The 6.0, 6.2, 6.4, 7.0, 7.2 and 7.4 branches are affected; FortiOS 7.6 is not. No fix is available for 6.0, and Fortinet advises migrating off that branch to a fixed release. Disabling SSL VPN is the published workaround, though a workaround is not a substitute for patching. The Chinese … Read more

New Fortinet RCE bug is actively exploited, CISA confirms

February 9, 2024 at 04:03PM CISA has confirmed active exploitation of a critical RCE bug in Fortinet’s FortiOS. Administrators of vulnerable devices can disable SSL VPN to reduce risk until they patch. CISA added CVE-2024-21762 to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to secure affected FortiOS devices. Fortinet confusingly denied, then admitted, RCE vulnerabilities, prompting urgent calls to secure devices due to … Read more

Fortinet’s week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim

February 9, 2024 at 09:38AM Fortinet disclosed a series of FortiOS vulnerabilities in a single week, including a critical SSL VPN flaw. Users were urged to upgrade to patched releases, with a fixed version listed for each affected FortiOS branch. Fortinet’s delayed and confusing handling of the disclosures drew criticism. Separately, an unusual claim about a toothbrush DDoS attack … Read more

New Fortinet RCE flaw in SSL VPN likely exploited in attacks

February 8, 2024 at 06:14PM Fortinet warns of a critical remote code execution vulnerability (CVE-2024-21762, advisory FG-IR-24-015) in the FortiOS SSL VPN, rated CVSS 9.6. Every unpatched release in the affected branches is vulnerable, and the advisory lists the fixed release to upgrade to for each branch. Those unable to patch can reduce exposure by disabling SSL VPN. Exploitation by threat actors is likely, so urgent updates are advised given the high severity and possible … Read more
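The four items above all come down to the same triage question for anyone running a FortiGate fleet: which devices sit on an affected branch, is a fixed release available for that branch or must the device be migrated, and is SSL VPN still enabled while waiting for the upgrade. The script below is an added example, not code from Fortinet or from any of the articles summarised here. The affected and unaffected branches are as stated on this page; the per-branch fixed releases are taken from the vendor advisory FG-IR-24-015 (which the page cites but does not reproduce) and should be re-checked against the current advisory before use. The inventory is constructed sample data.

```python
"""Triage a FortiOS inventory against CVE-2024-21762 (FG-IR-24-015).

Added example, not vendor code. Branch coverage (6.0 through 7.4 affected,
7.6 unaffected) is as reported above; the fixed releases per branch are
taken from FG-IR-24-015 and must be verified against the live advisory.
"""
from dataclasses import dataclass

# Fixed release per affected branch, from FG-IR-24-015 (verify before use).
# None means no fix exists for that branch and the device must be migrated.
FIXED_RELEASE = {
    (6, 0): None,
    (6, 2): (6, 2, 16),
    (6, 4): (6, 4, 15),
    (7, 0): (7, 0, 14),
    (7, 2): (7, 2, 7),
    (7, 4): (7, 4, 3),
}
UNAFFECTED_BRANCHES = {(7, 6)}


def parse_version(text):
    """Accept '7.2.5' or 'v7.2.5' and return (major, minor, patch); reject anything else."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


@dataclass(frozen=True)
class Verdict:
    status: str  # 'not_affected' | 'patched' | 'vulnerable' | 'migrate' | 'unknown'
    action: str  # what the operator should do next


def triage(version, ssl_vpn_enabled):
    """Classify one device by firmware version and whether SSL VPN is still on."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in UNAFFECTED_BRANCHES:
        return Verdict("not_affected", "no action for this CVE")
    if branch not in FIXED_RELEASE:
        # A branch the advisory does not list (future or long-EOL train): do not guess.
        return Verdict("unknown", "branch not covered by FG-IR-24-015; check the advisory")
    fixed = FIXED_RELEASE[branch]
    if fixed is None:
        status, base = "migrate", "migrate off 6.0 to a fixed release"
    elif (major, minor, patch) >= fixed:
        return Verdict("patched", "already at or above the fixed release")
    else:
        status = "vulnerable"
        base = "upgrade to " + ".".join(map(str, fixed)) + " or later"
    # The workaround reduces exposure while unpatched; it does not replace the upgrade.
    if ssl_vpn_enabled:
        return Verdict(status, base + "; until then disable SSL VPN (exposure is live)")
    return Verdict(status, base + "; SSL VPN already disabled, which is the workaround, not a fix")


# Constructed sample inventory: (hostname, reported version, ssl_vpn_enabled)
SAMPLE_INVENTORY = [
    ("fw-edge-01", "7.4.2", True),
    ("fw-edge-02", "7.4.3", True),
    ("fw-branch-03", "v7.0.12", False),
    ("fw-legacy-04", "6.0.17", True),
    ("fw-lab-05", "7.6.0", True),
]


def triage_inventory(inventory=SAMPLE_INVENTORY):
    """Return {hostname: Verdict} for every device in the inventory."""
    return {host: triage(ver, ssl) for host, ver, ssl in inventory}


if __name__ == "__main__":
    for host, verdict in triage_inventory().items():
        print(f"{host:14} {verdict.status:13} {verdict.action}")
```

The comparison is done on the full (major, minor, patch) tuple within a branch, so a device reporting a release above the fixed one is treated as patched, while anything below it on an affected branch is flagged. Branches the advisory does not mention are reported as unknown rather than silently assumed safe, since that is the case where guessing is most likely to hide an exposed device.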