Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is “potentially” being exploited in the wild. The exploitation-in-the-wild has been confirmed by CISA, by adding it to its Known Exploited Vulnerabilities (KEV) catalog, though details about the attacks are still undisclosed. About the vulnerabilities (CVE-2024-21762, CVE-2024-23313) CVE-2024-21762 is an out-of-bounds write vulnerability in FortiOS, which may allow a remote unauthenticated attacker to execute arbitrary code or command via specially … More

The post Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762) appeared first on Help Net Security.