CVE-2024-21762 Vulnerability Scanner for FortiGate Firewalls

Published On: Mar 07, 2024 11:58

Advisory No: TZCERT/SA/2024/03/07

Source: FortiGate

Software Affected: FortiOS 7.4 7.4.0 through 7.4.2 FortiOS 7.2 7.2.0 through 7.2.6 FortiOS 7.0 7.0.0 through 7.0.13 FortiOS 6.4 6.4.0 through 6.4.14 FortiOS 6.2 6.2.0 through 6.2.15 FortiOS 6.0 6.0.0 through 6.0.17 FortiProxy 7.4 7.4.0 through 7.4.2 FortiProxy 7.2 7.2.0 through 7.2.8 FortiProxy 7.0 7.0.0 through 7.0.14 FortiProxy 2.0 2.0.0 through 2.0.13 FortiProxy 1.2 1.2 all versions FortiProxy 1.1 1.1 all versions FortiProxy 1.0 1.0 all versions

Overview

An out-of-bounds write vulnerability [CVE-2024-21762] in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.

Description

The flaw is in a network’s security system, potentially allowing unauthorized external access. The vulnerability has a high CVSS score of 9.6 to 9.8, indicating a significant risk level. Reports suggest that this vulnerability could already be exploited in the wild.

Impact

Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.

Solution

Users and administrators of affected product versions are advised to update to the latest version immediately.

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Report Incident