Fortinet has released a patch to fix a security vulnerability in its FortiOS SSL VPN product that is potentially being exploited in the wild.

Tracked as CVE-2024-23113, this vulnerability is classified as ‘Critical’ with a CVSS Score of 9.6, which may allow a malicious actor to execute unauthorized code.

Based on the official advisory, FortiOS version 7.6 is not affected by this vulnerability.

A. Nature of Vulnerability


  • An out-of-bounds write vulnerability in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.
FortiOS 7.4 7.4.0 through 7.4.2Upgrade to 7.4.3 or above
FortiOS 7.2 7.2.0 through 7.2.6Upgrade to 7.2.7 or above
FortiOS 7.0 7.0.0 through 7.0.13Upgrade to 7.0.14 or above
FortiOS 6.4 6.4.0 through 6.4.14Upgrade to 6.4.15 or above
FortiOS 6.2 6.2.0 through 6.2.15Upgrade to 6.2.16 or above
FortiOS 6.0 6.0 all versionsMigrate to a fixed release

CERT-PH recommends the following actions be taken:

  • Kindly review and apply the necessary updates to mitigate future threats.
  • For additional information, kindly refer to the official report