DIVD-2024-00005 - Remote code execution in FortiOS
|Update your devices to a patched version as soon as possible
|10 Feb 2024 10:02
Fortinet is warning that a new Remote Code Execution vulnerability in FortiOS SSL VPN is being exploited by threat actors. Fortinet advises updating to the latest version to install the patch. Failing to install the patch might lead to a threat actor completely taking over your network.
Fortinet urges users to upgrade to the latest version as soon as possible. If you are compromised, DIVD advises you start your incident response process immediately.
What we are doing
DIVD is currently working together with Fox IT to identify vulnerable instances and notify the owners of these systems.
|08 Feb 2024
|DIVD starts researching this vulnerability in collaboration with Fox-IT.
|09 Feb 2024
|DIVD sends out first round of notifications..