
Fortinet’s week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim

February 9, 2024

We’ve had to write the word “Fortinet” so often lately that we’re considering making a macro just to make our lives a little easier after what the company’s reps will surely agree has been a week sent from hell.

It all culminated this Friday with the disclosure of yet another critical security vulnerability in FortiOS, impacting its SSL VPN.

Tracked as CVE-2024-21762, the 9.6-severity out-of-bounds write issue allows remote unauthenticated attackers to achieve code execution. There’s also evidence to suggest it’s already been exploited as a zero-day.

Read More on The Register