Fortinet Multiple RCE Vulnerabilities Exploited - 20240209002¶
Overview¶
Fortinet has announced a new critical remote code execution vulnerability in FortiOS SSL VPN which is potentially being exploited in the wild. The vulnerability could allow unauthenticated threat actors to gain remote code execution via maliciously crafted requests.
What is vulnerable?¶
| Product(s) Affected | **Recommended Solutions ** | Severity | CVSS |
|---|---|---|---|
| FortiOS 7.6 - Not affected | Not Applicable | NA | NA |
| FortiOS 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above | Critical | NA |
| FortiOS 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above | Critical | NA |
| FortiOS 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above | Critical | NA |
| FortiOS 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above | Critical | NA |
| FortiOS 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above | Critical | NA |
| FortiOS 6.0 all versions | Migrate to a fixed release | Critical | NA |
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):