This alert is relevant to organizations who utilize Fortinet products and the vulnerabilities affecting these Fortinet products.

Fortinet has released information regarding their observation of active exploitation of previously known vulnerabilities affecting Fortinet devices, including:

• FG-IR-24-015: Out-of-bound Write in sslvpnd
• FG-IR-23-097: Heap buffer overflow in sslvpn pre-authentication
• FG-IR-22-398: Heap-based buffer overflow in sslvpnd

Vulnerable Fortinet products can be exploited by actors and possibly have access to your Network environment.

CERTVU encourages users and administrators to search for indicators of compromise (IOCs) and apply the necessary updates and workarounds. Organizations should review their configurations in determining their risk. They should also verify if they are running any vulnerable versions of Fortinet products.

CERTVU recommends businesses, organizations and government institutions to:

• Follow Fortinet’s published advice relating to this activity.
• Upgrade to the latest versions of affected products.
• Review configuration of all affected products for potential modification and compromise.
• Monitor and investigate for suspicious activity in connected environments.

Further information can be found at Fortinet’s advisory page, Analysis of Threat Actor Activity.