⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.. Due date: 2024-02-16.

CVE-2024-21762 — FortiGate RCE: Out-of-bounds Write in FortiOS SSL-VPN

CWE-787 — Out-of-bounds Write16 documents12 sources

Severity

9.8CRITICALNVD

EPSS

92.7%

top 0.25%

CISA KEV

KEVRansomware

Added 2024-02-09

Due 2024-02-16

Exploit

Exploited in wild

Active exploitation observed

Affected products

Fortinet Fortios Fortinet Fortiproxy

Timeline

PublishedFeb 9

KEV addedFeb 9

KEV dueFeb 16

Latest updateMar 22

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDfortinet/fortios6.0.0 — 6.0.18+5

▶NVDfortinet/fortiproxy1.0.0 — 2.0.14+3

▶CVEListV5fortinet/fortios7.4.0 — 7.4.2+5

▶CVEListV5fortinet/fortiproxy7.4.0 — 7.4.2+6

🔴Vulnerability Details

CVEList

CVE-2024-21762: A out-of-bounds write in Fortinet FortiOS versions 7↗2024-02-09

▶

GHSA

GHSA-v4hq-m4wr-6pmj: A out-of-bounds write in Fortinet FortiOS versions 7↗2024-02-09

▶

VulnCheck

Fortinet FortiOS Out-of-Bound Write Vulnerability↗2024

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length Out of Bounds Write Remote Code Execution Attempt (CVE-2024-21762) - Heap Manipulation↗2024-03-22

▶

Suricata

ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length (CVE-2024-21762) Vulnerability Scan Attempt↗2024-03-22

▶

📋Vendor Advisories

CISA

Fortinet FortiOS Out-of-Bound Write Vulnerability↗2024-02-09

▶

Fortinet

Out-of-bound Write in sslvpnd↗2024-02-09

▶

🕵️Threat Intelligence

Bleepingcomputer

Critical Fortinet flaw may impact 150,000 exposed devices↗2024-03-08

▶

Wiz

New FortiOS Critical Vulnerabilities Exploited In-The-Wild | Wiz Blog↗2024-02-12

▶

Wiz

New FortiOS Critical Vulnerabilities Exploited In-The-Wild | Wiz Blog↗2024-02-12

▶

Bleepingcomputer

New Fortinet RCE bug is actively exploited, CISA confirms↗2024-02-09

▶

Bleepingcomputer

New Fortinet RCE flaw in SSL VPN likely exploited in attacks↗2024-02-08

▶