Imechapishwa: Mar 07, 2024 11:58
Advisory No: TZCERT/SA/2024/03/07
Source: FortiGate
Software Affected: FortiOS 7.4 7.4.0 through 7.4.2 FortiOS 7.2 7.2.0 through 7.2.6 FortiOS 7.0 7.0.0 through 7.0.13 FortiOS 6.4 6.4.0 through 6.4.14 FortiOS 6.2 6.2.0 through 6.2.15 FortiOS 6.0 6.0.0 through 6.0.17 FortiProxy 7.4 7.4.0 through 7.4.2 FortiProxy 7.2 7.2.0 through 7.2.8 FortiProxy 7.0 7.0.0 through 7.0.14 FortiProxy 2.0 2.0.0 through 2.0.13 FortiProxy 1.2 1.2 all versions FortiProxy 1.1 1.1 all versions FortiProxy 1.0 1.0 all versions
An out-of-bounds write vulnerability [CVE-2024-21762] in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.
Advisory No: TZCERT/SA/2024/03/07
Date of First Release: 07th March 2024
Source: FortiGate
Software Affected:
| Version | Affected |
| FortiOS 7.4 | 7.4.0 through 7.4.2 |
| FortiOS 7.2 | 7.2.0 through 7.2.6 |
| FortiOS 7.0 | 7.0.0 through 7.0.13 |
| FortiOS 6.4 | 6.4.0 through 6.4.14 |
| FortiOS 6.2 | 6.2.0 through 6.2.15 |
| FortiOS 6.0 | 6.0.0 through 6.0.17 |
| FortiProxy 7.4 | 7.4.0 through 7.4.2 |
| FortiProxy 7.2 | 7.2.0 through 7.2.8 |
| FortiProxy 7.0 | 7.0.0 through 7.0.14 |
| FortiProxy 2.0 | 2.0.0 through 2.0.13 |
| FortiProxy 1.2 | 1.2 all versions |
| FortiProxy 1.1 | 1.1 all versions |
| FortiProxy 1.0 | 1.0 all versions |
Overview:
An out-of-bounds write vulnerability [CVE-2024-21762] in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.
Description:
The flaw is in a network’s security system, potentially allowing unauthorized external access. The vulnerability has a high CVSS score of 9.6 to 9.8, indicating a significant risk level. Reports suggest that this vulnerability could already be exploited in the wild.
Impact:
Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.
Solution:
Users and administrators of affected product versions are advised to update to the latest version immediately.
References:
Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.
Users and administrators of affected product versions are advised to update to the latest version immediately.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.
