CVE-2024-21762

Summary

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests

Affected Software

VendorProductVersion RangeStatus
FortinetFortiProxy7.4.0 <= 7.4.2affected
FortinetFortiProxy7.2.0 <= 7.2.8affected
FortinetFortiProxy7.0.0 <= 7.0.14affected
FortinetFortiProxy2.0.0 <= 2.0.13affected
FortinetFortiProxy1.2.0 <= 1.2.13affected
FortinetFortiProxy1.1.0 <= 1.1.6affected
FortinetFortiProxy1.0.0 <= 1.0.7affected
FortinetFortiOS7.4.0 <= 7.4.2affected
FortinetFortiOS7.2.0 <= 7.2.6affected
FortinetFortiOS7.0.0 <= 7.0.13affected
FortinetFortiOS6.4.0 <= 6.4.14affected
FortinetFortiOS6.2.0 <= 6.2.15affected
FortinetFortiOS6.0.0 <= 6.0.17affected

Weaknesses

  • CWE-787: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References