Fortinet has issued a critical warning regarding a serious out-of-bounds write vulnerability found in FortiOS, raising concerns about potential security breaches. This vulnerability, identified as CVE-2024-21762 with a CVSSv3 Score of 9.6, poses a significant threat as remote attackers can exploit it to execute arbitrary code. The exploit takes advantage of a specific type of HTTP request, allowing attackers to execute code or commands through carefully crafted requests.
To mitigate this security risk, Fortinet recommends disabling SSL VPNs as a temporary workaround, specifically targeting SSL VPN web portals. It’s crucial to highlight that solely disabling web mode is not considered a valid and comprehensive solution.
In addition to this, FortiSIEM has recently addressed OS command injection vulnerabilities, namely CVE-2024-23108 and CVE-2024-23109, leading to the release of an advisory to address these concerns.
Adding to the urgency, recent reports indicate that state-sponsored hackers from China have exploited a zero-day vulnerability (CVE-2022-42475) in Fortinet’s virtual private network. This unauthorized access allowed the hackers to compromise the security of Dutch defense networks, underscoring the critical importance of promptly addressing and patching vulnerabilities in network infrastructure.
Given the evolving nature of cyber threats, organizations are urged to stay vigilant, apply recommended security measures, and promptly update their systems to safeguard against potential data breaches and unauthorized access.
The potential threat of quantum computers capable of overcoming asymmetric cryptography jeopardizes the integrity of the digital world, and the likelihood of this threat materializing is increasing day by day.
Read More
Three people were indicted for an identity theft conspiracy that allegedly included the $400 million hack from FTX on the same day in November 2022 that the doomed cryptocurrency exchange filed for bankruptcy protection, court records show.
Read More
English 
Turkish