We’ve had to write the word “Fortinet” so often lately that we’re considering making a macro just to make our lives a little easier after what the company’s reps will surely agree has been a week sent from hell.
It all culminated this Friday with the disclosure of yet another critical security vulnerability in FortiOS, impacting its SSL VPN.
Tracked as CVE-2024-21762, the 9.6 severity out-of-bounds write issue allows remote unauthenticated attackers to achieve code execution. There’s also evidence to suggest it’s already been exploited as a zero-day.