9 February 2024 [NO.TCSA : 20240209-1-1-P]
A critical vulnerability, identified as CVE-2024-21762, has been discovered in FortiOS SSL VPN. This out-of-bounds write flaw, with a severity score of 9.6, allows unauthenticated attackers to execute arbitrary code remotely. It is believed to be actively exploited.
Fortinet recommends updating to the latest versions immediately. If immediate updating is not feasible, disabling SSL VPN is advised as a temporary measure.
| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiOS 6.2 | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above |
| FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |
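
To triage a device inventory against the version table above, the following added example (not part of the original advisory or any Fortinet tooling) classifies FortiOS version strings as affected, fixed, or not listed. The hostnames, build suffixes and the `triage` and `parse_version` helper names are assumptions made for illustration.

```python
import re

# Fixed release per branch, from the advisory table; None = no fix, migrate.
FIXED = {
    (7, 4): (7, 4, 3),
    (7, 2): (7, 2, 7),
    (7, 0): (7, 0, 14),
    (6, 4): (6, 4, 15),
    (6, 2): (6, 2, 16),
    (6, 0): None,
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'v7.2.5,build0000'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)

def triage(version_text):
    """Return (status, action) for one FortiOS version string."""
    ver = parse_version(version_text)
    branch = ver[:2]
    if branch not in FIXED:
        # Branches absent from the table are reported, never assumed safe.
        return "not-listed", "branch not covered by this advisory"
    fixed = FIXED[branch]
    if fixed is None:
        return "affected", "migrate to a fixed release"
    if ver < fixed:
        return "affected", "upgrade to %d.%d.%d or above" % fixed
    return "fixed", "no action for CVE-2024-21762"

# Constructed sample inventory (hostnames and build suffixes are made up).
INVENTORY = {
    "fw-edge-01": "v7.4.2,build0000",
    "fw-edge-02": "v7.2.7,build0000",
    "fw-branch-03": "FortiOS 6.0.18",
    "fw-lab-04": "7.6.0",
}

if __name__ == "__main__":
    for host, raw in sorted(INVENTORY.items()):
        status, action = triage(raw)
        print(f"{host:14} {raw:20} {status:10} {action}")
```

Devices reported as affected that cannot be upgraded immediately fall under the temporary measure described above: disable SSL VPN until the upgrade is done.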