Fortra is actively researching an out-of-bounds write vulnerability in the FortiOS SSL VPN. This vulnerability, CVE-2024-21762, may allow an unauthenticated remote attacker to execute arbitrary code or commands via specially crafted HTTP requests. Fortinet's advisory (FG-IR-24-015) reports it as potentially exploited in the wild, so customers are recommended to upgrade to a fixed version of FortiOS as soon as possible.
Who is affected?
The following versions of FortiOS are vulnerable to CVE-2024-21762:
- FortiOS 7.4.0 through 7.4.2
- FortiOS 7.2.0 through 7.2.6
- FortiOS 7.0.0 through 7.0.13
- FortiOS 6.4.0 through 6.4.14
- FortiOS 6.2.0 through 6.2.15
- All versions of FortiOS 6.0
What can I do?
Customers are recommended to upgrade to the fixed release for their current FortiOS branch:
- For FortiOS 7.4, upgrade to 7.4.3 or above.
- For FortiOS 7.2, upgrade to 7.2.7 or above.
- For FortiOS 7.0, upgrade to 7.0.14 or above.
- For FortiOS 6.4, upgrade to 6.4.15 or above.
- For FortiOS 6.2, upgrade to 6.2.16 or above.
- For FortiOS 6.0, migrate to one of the listed fixed versions.
If you are not able to upgrade immediately, the workaround suggested in Fortinet's advisory is to disable SSL VPN entirely. Disabling only SSL VPN web mode is not a valid workaround, and SSL VPN should stay disabled until the device has been upgraded, since re-enabling it re-exposes the vulnerable service.
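The version logic of the two lists above, as an added example that is not Fortra's or Fortinet's code: a small Python triage helper that maps a FortiOS version string, including the `v7.4.1.F-build 2463` banner form that appears in scan output, onto the affected ranges and fixed releases listed in this article. The `assess` and `parse_version` names and the sample inputs are assumptions for illustration; a branch the advisory does not name is reported as "not listed" rather than safe.

```python
"""Triage FortiOS version strings against the CVE-2024-21762 advisory.

Added example, not Fortra's or Fortinet's code. The affected ranges and
fixed releases below are the ones listed in the advisory text; the
parser assumes versions appear as "7.4.1" or in a FortiGate build string
such as "FortiGate-VM-FGT_VM64-v7.4.1.F-build 2463" (assumed format).
"""
import re
from typing import Dict, Optional, Tuple

# branch -> (last vulnerable patch level, first fixed release).
# FortiOS 6.0 has no fixed release: every 6.0.x build is affected.
AFFECTED: Dict[Tuple[int, int], Tuple[Optional[int], Optional[str]]] = {
    (7, 4): (2, "7.4.3"),
    (7, 2): (6, "7.2.7"),
    (7, 0): (13, "7.0.14"),
    (6, 4): (14, "6.4.15"),
    (6, 2): (15, "6.2.16"),
    (6, 0): (None, None),
}

MIGRATE_ADVICE = "migrate to a fixed release (7.0.14, 7.2.7, 7.4.3 or later)"

# Matches the first major.minor.patch triple, with or without a leading "v".
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from a bare version or a build string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no FortiOS version found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(text: str) -> Tuple[str, Optional[str]]:
    """Return (status, upgrade_to).

    status is one of "vulnerable", "fixed" or "not listed"; upgrade_to is the
    fixed release to move to when the version is vulnerable, else None.
    """
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch not in AFFECTED:
        # Newer or unnamed branch: the advisory says nothing about it, so
        # do not report it as fixed; check the vendor advisory instead.
        return ("not listed", None)
    last_vulnerable, fixed = AFFECTED[branch]
    if last_vulnerable is None:
        return ("vulnerable", MIGRATE_ADVICE)
    if patch <= last_vulnerable:
        return ("vulnerable", fixed)
    return ("fixed", None)


def triage(banners: Dict[str, str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Assess a host -> version/banner mapping, e.g. collected from a scan."""
    return {host: assess(banner) for host, banner in banners.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    inventory = {
        "fgt-edge-01": "FortiGate-VM-FGT_VM64-v7.4.1.F-build 2463",
        "fgt-edge-02": "v7.2.7,build1577",
        "fgt-branch-03": "6.0.17",
        "fgt-lab-04": "7.6.0",
    }
    for host, result in triage(inventory).items():
        print(f"{host}: {result[0]}" + (f", upgrade to {result[1]}" if result[1] else ""))
```

The checker deliberately treats a branch the advisory does not name as "not listed" instead of "fixed": an advisory enumerates what was tested, and a newer branch still has to be confirmed against the vendor's own list before it is closed out.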
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities in addition to those listed below.
Alert Logic Vulnerability Scanning: Alert Logic released unauthenticated scan coverage on February 10, 2024. If the vulnerability is found, exposure EID 253812 is raised for CVE-2024-21762.
Core Impact: On March 14, 2024, Core Impact released a checker, "Fortiguard FortiOS SSLVPN Chunked Transfer-Encoding Vulnerability", that tests for the presence of CVE-2024-21762 (CVSS 9.8), an out-of-bounds write in Fortinet FortiOS that allows an attacker to execute unauthorized code or commands via specially crafted requests. The check was tested against FortiGate-VM-FGT_VM64-v7.4.1.F-build 2463.
Fortra VM: On March 8, 2024, Fortra VM released a new unauthenticated check for CVE-2024-21762, "Fortinet Security Advisory: FG-IR-24-015 - CVE-2024-21762" (158767), via Network Scanner 4.37.0.
Tripwire IP360: Tripwire released authenticated scan coverage on February 15, 2024, to identify vulnerable instances. If the vulnerability is found, vulnerability 604841 will match for CVE-2024-21762.
Updates
Fortra has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Fortra coverage as it becomes available.