Fortinet Warns of Critical VPN Flaw Likely Under Active Exploitation

Fortinet has disclosed a critical security flaw in its FortiOS Secure Sockets Layer (SSL) VPN that allows remote unauthenticated attackers to execute arbitrary code or commands.
Fortinet

Context

Fortinet has disclosed a critical security flaw, CVE-2024-21762, in its FortiOS Secure Sockets Layer (SSL) VPN, with a CVSS score of 9.6, indicating a high severity flaw. The vulnerability allows remote unauthenticated attackers to execute arbitrary code or commands through specially crafted HTTP requests.

Fortinet acknowledges that the flaw is likely being exploited in the wild, although specific details about the exploitation remain undisclosed. Versions impacted include FortiOS 7.4, 7.2, 7.0, 6.4, 6.2, and 6.0, with recommended upgrades to patched versions.

Community Threat Assessment

Due to the available public reporting of CVE-2024-21762 and noted weaponization of the vulnerability, the RH-ISAC Intelligence Team assesses with moderate confidence that CVE-2024-21762 presents a medium threat for organizations in the retail and hospitality sector that currently utilize FortiOS-dependent products within their environment. RH-ISAC recommends RH-ISAC Core Members who utilize Fortinet review the intelligence included in this report and update device where applicable using the provided intelligence below.

Impacted Fortinet Versions and Recommended Mitigations

The following FortiOS versions are impacted by CVE-2024-21762, it is worth noting that FortiOS 7.6 is not currently affected by CVE-2024-21762.

  • FortiOS 7.4 (versions 7.4.0 through 7.4.2) – Upgrade to 7.4.3 or above
  • FortiOS 7.2 (versions 7.2.0 through 7.2.6) – Upgrade to 7.2.7 or above
  • FortiOS 7.0 (versions 7.0.0 through 7.0.13) – Upgrade to 7.0.14 or above
  • FortiOS 6.4 (versions 6.4.0 through 6.4.14) – Upgrade to 6.4.15 or above
  • FortiOS 6.2 (versions 6.2.0 through 6.2.15) – Upgrade to 6.2.16 or above
  • FortiOS 6.0 (versions 6.0 all versions) – Migrate to a fixed release

More Recent Blog Posts

Executive Summary On 02 July 2026, SOCRadar researchers linked the financially-motivated campaign dubbed “FortiBleed” to the Ransom and Lynx ransomware operations, marking the...

Executive Summary On 19 June 2026, the threat group Icarus claimed to have compromised and exfiltrated data from customers of Klue, specifically the...

Executive Summary A report published by The Hacker News on 17 June 2026 detailed a software supply chain attack impacting 144 npm packages...