
Potential Exploitation of Critical FortiOS SSL VPN 0-Day


Dataprise Defense Digest 

ID: D3-2024-0001-1

Severity: Critical (9.8)

Published: February 9, 2024 

EXECUTIVE SUMMARY 

On February 8, 2024, Fortinet disclosed information about a new Remote Code Execution (RCE) flaw in its SSL VPN that has a high likelihood of being exploited in the wild. Fortinet’s recommended solution is to upgrade any vulnerable FortiOS to the latest version. If upgrading is not feasible, there is a workaround that mitigates the RCE vulnerability by disabling the SSL VPN functionality. Dataprise advises that Chinese state-sponsored threat actors known as Volt Typhoon are known to target FortiOS vulnerabilities to deploy custom malware known as COATHANGER, a custom remote access trojan (RAT) designed to infect FortiGate network security appliances.

Dataprise is aware of the critical nature of this vulnerability and is conducting a review of all available analyses of these vulnerabilities and the potential impact on our clients. This has been a major exercise as the investigation requires that a specific order of actions is taken to achieve the response objectives. Right now, our teams are working to confirm whether the recommended mitigation steps can be applied without causing any customer-facing service interruptions. If your organization’s Fortinet appliance is covered under a Dataprise Managed Service agreement, we will send a follow-up communication with details on our mitigation efforts.

DETAILED ANALYSIS 

This critical vulnerability (9.8 CVSS) is being tracked as CVE-2024-21762. Successful exploitation of this out-of-bounds write vulnerability in FortiOS could allow an unauthenticated attacker to perform remote code execution via maliciously crafted requests.

Dataprise strongly advises prioritizing the upgrade of affected FortiOS versions to the latest version that is not affected by the vulnerability.

AFFECTED VERSIONS

The FortiOS versions impacted by the vulnerability are the following:

  • FortiOS 7.4 (versions 7.4.0 through 7.4.2).
  • FortiOS 7.2 (versions 7.2.0 through 7.2.6).
  • FortiOS 7.0 (versions 7.0.0 through 7.0.13).
  • FortiOS 6.4 (versions 6.4.0 through 6.4.14).
  • FortiOS 6.2 (versions 6.2.0 through 6.2.15).
  • FortiOS 6.0 (all versions).

MITIGATION

Fortinet has provided the following solution pertaining to the specified affected versions:

  • FortiOS 7.4, versions 7.4.0 through 7.4.2: upgrade to 7.4.3 or above.
  • FortiOS 7.2, versions 7.2.0 through 7.2.6: upgrade to 7.2.7 or above.
  • FortiOS 7.0, versions 7.0.0 through 7.0.13: upgrade to 7.0.14 or above.
  • FortiOS 6.4, versions 6.4.0 through 6.4.14: upgrade to 6.4.15 or above.
  • FortiOS 6.2, versions 6.2.0 through 6.2.15: upgrade to 6.2.16 or above.
  • FortiOS 6.0, all versions: migrate to a fixed release.
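As an added worked example (not Dataprise or Fortinet code), the following Python script encodes the affected ranges and fixed releases from the mitigation table above and triages a device inventory, listing the appliances that still need the upgrade first. The version ranges are taken from this digest; the hostnames, the "hostname,version" inventory format, the assumption that a version string looks like "v7.0.12 build0523", and the parsing logic are all constructed for the example.

```python
"""Triage FortiOS versions against the CVE-2024-21762 affected ranges.

Added example, not Dataprise or Fortinet code. The AFFECTED table is
transcribed from the digest's mitigation section; everything else
(inventory format, hostnames, parsing) is an assumption for illustration.
"""
import re
from typing import List, Optional, Tuple

# (branch, first affected, last affected, fixed release) per the digest.
# FortiOS 6.0 has no fixed release on that branch: every 6.0.x build is
# affected and the guidance is to migrate to a fixed release.
AFFECTED = [
    ("7.4", (7, 4, 0), (7, 4, 2), "7.4.3"),
    ("7.2", (7, 2, 0), (7, 2, 6), "7.2.7"),
    ("7.0", (7, 0, 0), (7, 0, 13), "7.0.14"),
    ("6.4", (6, 4, 0), (6, 4, 14), "6.4.15"),
    ("6.2", (6, 2, 0), (6, 2, 15), "6.2.16"),
    ("6.0", (6, 0, 0), (6, 0, 999), None),
]

# Accepts "7.0.12", "v7.0.12" or "v7.0.12 build0523" (assumed formats).
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn a version string into a comparable (major, minor, patch) tuple.

    Raises ValueError on anything unparseable so that a malformed inventory
    row is never silently reported as unaffected."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(text: str) -> dict:
    """Return a verdict for one version string.

    status is 'affected' (inside a listed range), 'fixed' (on a listed branch
    but at or above the fixed release), or 'not_listed' (branch not named by
    the digest; check the vendor advisory rather than assuming it is safe)."""
    v = parse_version(text)
    for branch, low, high, fixed in AFFECTED:
        if v[:2] != low[:2]:
            continue  # different branch
        if low <= v <= high:
            action = f"Upgrade to {fixed} or above" if fixed else "Migrate to a fixed release"
            return {"version": text, "branch": branch, "status": "affected", "action": action}
        return {"version": text, "branch": branch, "status": "fixed",
                "action": "None required for CVE-2024-21762"}
    return {"version": text, "branch": None, "status": "not_listed",
            "action": "Confirm against the vendor advisory"}


# Constructed sample inventory (hostname,version); these are not real devices.
SAMPLE_INVENTORY = """\
fw-edge-01,v7.0.12 build0523
fw-edge-02,7.4.3
fw-branch-03,6.0.17
fw-lab-04,7.2.7
"""


def triage(inventory: str) -> List[dict]:
    """Assess every 'hostname,version' line and put affected devices first."""
    rows = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, version = line.split(",", 1)
        verdict = assess(version)
        verdict["host"] = host.strip()
        rows.append(verdict)
    order = {"affected": 0, "not_listed": 1, "fixed": 2}
    rows.sort(key=lambda r: order[r["status"]])  # stable: keeps file order within a status
    return rows


if __name__ == "__main__":
    for r in triage(SAMPLE_INVENTORY):
        print(f"{r['host']:14} {r['version']:22} {r['status']:10} {r['action']}")
```

Feed it an export of your own inventory in the same two-column form; a device whose version string does not parse raises instead of being skipped, which is the behaviour you want when the output drives a patch schedule.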

CONTRIBUTING AUTHORS 

  • Josh McNulty, vCISO
  • Stephen Jones, VP Cybersecurity
