Critical FortiOS vulnerabilities

The CSSF has been made aware of recent critical FortiOS vulnerabilities in sslvpnd and fgfmd, CVE-2024-21762 and CVE-2024-23113. These vulnerabilities allow a remote unauthenticated attacker to execute arbitrary code or command.

CIRCL, the Computer Incident Center Luxembourg, published a technical report on this subject, including recommendations, available at this URL:

The CSSF strongly recommends all supervised entities concerned to take duly note of this report and to take actions as appropriate.