FortiOS SSL VPN heap overflow enabling unauthenticated RCE — Volt Typhoon (Chinese APT) actively exploited before patch release. Apply patches immediately or disable SSL VPN. Review all FortiOS VPN gateway logs for unauthorized access attempts.
A heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL VPN PSIRT before versions 7.4.1, 7.2.5, 7.0.12, 6.4.13, 6.0.17 may allow a remote unauthenticated attacker to execute arbitrary code.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →