Fortinet Patches Critical Flaw in FortiOS SSL VPN (CVE-2024-2

Fortinet Patches Critical Flaw in FortiOS SSL VPN (CVE-2024-21762)

On February 8, Fortinet published a security advisory (FG-IR-24-015) to address a critical flaw in FortiOS:

CVE-2024-21762

The vulnerability exists in the SSL VPN daemon (sslvpnd) in FortiOS and, according to Fortinet, has been “potentially exploited in the wild” though no specific information was shared as of February 9 about this potential in-the-wild exploitation.

For more information about this vulnerability along with several others that were patched on February 8, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

Fortinet Patches Critical Flaw in FortiOS SSL VPN (CVE-2024-2

Recent Discussions

FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Americas

Europe

Asia / Australia