CVE-2024-21762 is an actively exploited FortiOS SSL VPN RCE requiring no authentication. Multiple threat actors including Chinese APTs are exploiting this at scale. Immediately upgrade FortiOS or disable SSL VPN. If patching is delayed, review FortiOS logs for IOCs related to the webshell dropper activity.
Fortinet FortiOS out-of-bounds write vulnerability in sslvpnd allows unauthenticated RCE via HTTP requests.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →