Apple has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.
Users and Administrators are encouraged to review Apple Security Advisories dated 7th March 2024 and apply necessary updates.
Lenovo has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.
Users and Administrators are encouraged to review Lenovo Security Advisories dated 7th March 2024 and apply necessary updates.
NetApp has released security updates to address vulnerabilities in its multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.
Users and Administrators are encouraged to review NetApp Security Advisories dated 7th March 2024 and apply necessary updates.
HP has released security updates to address vulnerabilities in UC Software. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.
Users and Administrators are encouraged to review HP Security Bulletins HPSBPY03897, HPSBPY03896 and HPSBPY03898 and apply necessary updates.
Advisory No: TZCERT/SA/2024/03/07
Date of First Release: 07th March 2024
Source: FortiGate
Software Affected:
| Version | Affected |
| FortiOS 7.4 | 7.4.0 through 7.4.2 |
| FortiOS 7.2 | 7.2.0 through 7.2.6 |
| FortiOS 7.0 | 7.0.0 through 7.0.13 |
| FortiOS 6.4 | 6.4.0 through 6.4.14 |
| FortiOS 6.2 | 6.2.0 through 6.2.15 |
| FortiOS 6.0 | 6.0.0 through 6.0.17 |
| FortiProxy 7.4 | 7.4.0 through 7.4.2 |
| FortiProxy 7.2 | 7.2.0 through 7.2.8 |
| FortiProxy 7.0 | 7.0.0 through 7.0.14 |
| FortiProxy 2.0 | 2.0.0 through 2.0.13 |
| FortiProxy 1.2 | 1.2 all versions |
| FortiProxy 1.1 | 1.1 all versions |
| FortiProxy 1.0 | 1.0 all versions |
Overview:
An out-of-bounds write vulnerability [CVE-2024-21762] in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.
Description:
The flaw is in a network’s security system, potentially allowing unauthorized external access. The vulnerability has a high CVSS score of 9.6 to 9.8, indicating a significant risk level. Reports suggest that this vulnerability could already be exploited in the wild.
Impact:
Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.
Solution:
Users and administrators of affected product versions are advised to update to the latest version immediately.
References:
Tanzania Computer Emergency Response Team