Boosts - The 0day dumpster fire that is the security hardware industry rn continues...

briankrebs, 3 months ago

The 0day dumpster fire that is the security hardware industry rn continues unabated this week.

From Rapid7:

"Critical Fortinet FortiOS CVE-2024-21762 Exploited
Feb 12, 2024

On February 8, 2024 Fortinet disclosed multiple critical vulnerabilities affecting FortiOS, the operating system that runs on Fortigate SSL VPNs. The critical vulnerabilities include CVE-2024-21762, an out-of-bounds write vulnerability in SSLVPNd that could allow remote unauthenticated attackers to execute arbitrary code or commands on Fortinet SSL VPNs via specially crafted HTTP requests.

According to Fortinet’s advisory for CVE-2024-21762, the vulnerability is “potentially being exploited in the wild.” The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-21762 to their Known Exploited Vulnerabilities (KEV) list as of February 9, 2024, confirming that exploitation has occurred."

https://www.rapid7.com/blog/post/2024/02/12/etr-critical-fortinet-fortios-cve-2024-21762-exploited/

https://www.cisa.gov/news-events/alerts/2024/02/09/cisa-adds-one-known-exploited-vulnerability-catalog

reply

expand (1)

collapse (1)

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ isotopp, wordshaper, beeoproblem, ljrk +1 more

ljrk 3 months ago
AAKL 3 months ago
beeoproblem 3 months ago
wordshaper 3 months ago
isotopp 3 months ago