Fortinet has warned customers to patch immediately against a new vulnerability it said is under active exploitation.
The critical-rated vulnerability exists in a VPN product, FortiOS SSL-VPN.
In its advisory, the company said the bug is a heap-based buffer overflow.
It “may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests”, the company said.
As well as installing patches, the company said admins should check their systems for indicators of compromise.
These include multiple log entries indicating the SSL VPN daemon has crashed; and the presence of the following artefacts on a system: libips.bak, libgif.so, libiptcp.so, libipudp.so, libjepg.so, .sslvpnconfigbk, wxd.conf, and a /flash directory.
A compromised system might also show connections to what Fortinet calls “suspicious IP addresses”: 188.34.130.40:444; 103.131.189.143:30080, along with 30081, 30443, and 20443; 192.36.119.61:8443 and 444; and 172.247.168.153:8033.
The addresses are hosted variously in Iran, Sweden and the United States, according to the DNS lookup tool Robtex.
The vulnerability is present in eight branches of the Fortios SSL-VPN software, and all have been patched.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
Digital NSW 2025 Showcase
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
