Fortinet Remote Code Execution Vulnerability (CVE-2024-21762)

A critical Remote Code Execution vulnerability (CVE-2024-21762) was identified in FortiOS and FortiProxy SSL VPN recently which may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.

Fortinet has released the patches to remediate the vulnerability and strongly recommends customers to apply the update IMMEDIATELY.

 

Vulnerability

  • Remote Code Execution Vulnerability (CVE-2024-21762)
    • An out-of-bounds write vulnerability in FortiOS and FortiProxy SSL VPN. Successful exploitation enables a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.

 

Severity Level

  • Critical

 

Affected Products

  • FortiOS:
    • 7.4.0 through 7.4.2,
    • 7.2.0 through 7.2.6,
    • 7.0.0 through 7.0.13,
    • 6.4.0 through 6.4.14,
    • 6.2.0 through 6.2.15,
    • 6.0.0 through 6.0.17
  • FortiProxy:
    • 7.4.0 through 7.4.2,
    • 7.2.0 through 7.2.8,
    • 7.0.0 through 7.0.14,
    • 2.0.0 through 2.0.13,
    • 1.2 all versions,
    • 1.1 all versions,
    • 1.0 all versions

 

Remediation

  • Please apply the latest update patches in your department devices immediately.

 

Reference

 

Enquiry

 

 

Published on: 25 Mar 2024