This alert is relevant to Australian businesses, organisations, and government entities.
This alert contains a combination of simple and technical advice.
Background / What has happened?
- The ASD’s ACSC is aware of an Unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2024-21762) in Fortinet FortiOS devices.
- CVE-2024-21762 refers to an out-of-bounds write vulnerability that may allow Unauthenticated RCE via a specially crafted HTTP request.
Mitigation / How do I stay secure?
The ASD’s ACSC recommends that businesses, organisations and government entities patch affected devices, or disable SSL VPN if unable to patch.
Fortinet’s FortiGuard has further information on affected versions and patching.
Assistance / Where can I go for help?
Organisations or individuals that have been impacted by a cyber incident or require assistance can contact the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371) or make a report online.
Your report makes a difference and helps us to produce advice that protects the broader Australian community.