CVE-2024-21762
In short
A memory writing flaw in Fortinet FortiOS and FortiProxy allows attackers to write data beyond intended memory boundaries through specially crafted requests, potentially enabling them to run unauthorized code on affected devices.
Technical detail
Out-of-bounds write vulnerability (CWE-787) in FortiOS 6.0.0–7.4.2 and FortiProxy 1.0.0–7.4.2 permits remote code execution when processing specially crafted requests; no authentication requirement specified, indicating network-accessible attack vector with critical impact on system integrity and confidentiality.
Summary generated and translated by AI from the official description.
An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C
public PoCs found — 9
github.com/h4x0r-dz/CVE-2024-21762 ★ 150
github.com/BishopFox/cve-2024-21762-check ★ 107
github.com/r4p3c4/CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check ★ 16
github.com/d0rb/CVE-2024-21762 ★ 12
github.com/abrewer251/CVE-2024-21762_FortiNet_PoC ★ 2
github.com/rdoix/cve-2024-21762-checker ★ 1
github.com/deFr0ggy/CVE-2024-21762-Checker ★ 0
github.com/0x13-ByteZer0/CVE-2024-21762 ★ 0
github.com/0x0asif/CVE-2024-21762 ★ 0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.