FortiOS SSL VPN heap overflow enabling unauthenticated RCE — Volt Typhoon (Chinese APT) actively exploited before patch release. Apply patches immediately or disable SSL VPN. Review all FortiOS VPN gateway logs for unauthorized access attempts.
A heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL VPN PSIRT before versions 7.4.1, 7.2.5, 7.0.12, 6.4.13, 6.0.17 may allow a remote unauthenticated attacker to execute arbitrary code.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →