CVE-2024-21762 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Fortinet FortiOS Out-of-Bound Write Vulnerability

Exploit added

February 9, 2024

Action due

February 16, 2024

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests

References

https://fortiguard.com/psirt/FG-IR-24-015

Weakness Enumeration

CWE-ID	CWE Name
CWE-787	Out-of-bounds Write

Known Affected Software Configurations

cpe:2.3:o:fortinet:fortios:7.4.1:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.2.8:::::::*
cpe:2.3:o:fortinet:fortios:7.2.7:::::::*
cpe:2.3:o:fortinet:fortios:7.0.13:::::::*
cpe:2.3:o:fortinet:fortios:6.4.15:::::::*
cpe:2.3:o:fortinet:fortios:7.2.6:::::::*
cpe:2.3:o:fortinet:fortios:7.0.14:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.0.14:::::::*
cpe:2.3:o:fortinet:fortios:7.4.2:::::::*
cpe:2.3:o:fortinet:fortios:6.2.16:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.4.0:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.4.1:::::::*
cpe:2.3:o:fortinet:fortios:7.4.0:::::::*
cpe:2.3:o:fortinet:fortios:6.4.14:::::::*
cpe:2.3:o:fortinet:fortios:6.2.15:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.2.5:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.0.11:::::::*
cpe:2.3:o:fortinet:fortios:7.0.12:::::::*
cpe:2.3:o:fortinet:fortios:7.2.5:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.2.4:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.0.10:::::::*
cpe:2.3:o:fortinet:fortios:6.0.17:::::::*
cpe:2.3:o:fortinet:fortios:6.2.14:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.2.3:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.0.9:::::::*
cpe:2.3:a:fortinet:fortiproxy:2.0.12:::::::*
cpe:2.3:o:fortinet:fortios:6.4.13:::::::*
cpe:2.3:o:fortinet:fortios:7.0.11:::::::*
cpe:2.3:o:fortinet:fortios:7.0.10:::::::*
cpe:2.3:o:fortinet:fortios:6.4.12:::::::*
cpe:2.3:o:fortinet:fortios:6.2.13:::::::*
cpe:2.3:o:fortinet:fortios:7.0.9:::::::*
cpe:2.3:o:fortinet:fortios:6.0.15:::::::*
cpe:2.3:o:fortinet:fortios:6.4.11:::::::*
cpe:2.3:o:fortinet:fortios:6.0.16:::::::*
cpe:2.3:o:fortinet:fortios:7.2.3:::::::*
cpe:2.3:o:fortinet:fortios:7.2.4:::::::*
cpe:2.3:o:fortinet:fortios:7.0.8:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.2.2:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.0.8:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.2.1:::::::*
cpe:2.3:o:fortinet:fortios:6.2.12:::::::*
cpe:2.3:o:fortinet:fortios:6.4.10:::::::*
cpe:2.3:a:fortinet:fortiproxy:2.0.4:::::::*
cpe:2.3:a:fortinet:fortiproxy:2.0.8:::::::*
cpe:2.3:a:fortinet:fortiproxy:2.0.5:::::::*
cpe:2.3:a:fortinet:fortiproxy:2.0.6:::::::*
cpe:2.3:a:fortinet:fortiproxy:2.0.7:::::::*
cpe:2.3:a:fortinet:fortiproxy:2.0.9:::::::*
cpe:2.3:a:fortinet:fortiproxy:2.0.10:::::::*
cpe:2.3:a:fortinet:fortiproxy:1.2.12:::::::*
cpe:2.3:a:fortinet:fortiproxy:1.2.13:::::::*
cpe:2.3:o:fortinet:fortios:7.2.2:::::::*
cpe:2.3:o:fortinet:fortios:7.0.7:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.0.5:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.0.3:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.0.4:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.0.7:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.0.6:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.2.0:::::::*
cpe:2.3:o:fortinet:fortios:7.2.1:::::::*
cpe:2.3:o:fortinet:fortios:7.2.0:::::::*
cpe:2.3:o:fortinet:fortios:7.0.6:::::::*
cpe:2.3:o:fortinet:fortios:7.0.5:::::::*
cpe:2.3:o:fortinet:fortios:6.2.11:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.0.1:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.0.2:::::::*
cpe:2.3:o:fortinet:fortios:7.0.4:::::::*
cpe:2.3:o:fortinet:fortios:7.0.3:::::::*
cpe:2.3:o:fortinet:fortios:6.4.8:::::::*
cpe:2.3:o:fortinet:fortios:6.4.9:::::::*
cpe:2.3:o:fortinet:fortios:6.0.14:::::::*
cpe:2.3:a:fortinet:fortiproxy:7.0.0:::::::*
cpe:2.3:a:fortinet:fortiproxy:1.2.11:::::::*
cpe:2.3:o:fortinet:fortios:6.2.10:::::::*
cpe:2.3:o:fortinet:fortios:7.0.2:::::::*
cpe:2.3:o:fortinet:fortios:6.4.7:::::::*
cpe:2.3:o:fortinet:fortios:6.2.9:::::::*
cpe:2.3:o:fortinet:fortios:5.6.14:::::::*
cpe:2.3:o:fortinet:fortios:6.2.6:::::::*
cpe:2.3:o:fortinet:fortios:6.0.12:::::::*
cpe:2.3:o:fortinet:fortios:6.2.8:::::::*
cpe:2.3:o:fortinet:fortios:6.0.13:::::::*
cpe:2.3:o:fortinet:fortios:5.6.13:::::::*
cpe:2.3:o:fortinet:fortios:5.6.12:::::::*
cpe:2.3:o:fortinet:fortios:6.0.11:::::::*
cpe:2.3:o:fortinet:fortios:7.0.1:::::::*
cpe:2.3:o:fortinet:fortios:6.2.7:::::::*
cpe:2.3:o:fortinet:fortios:7.0.0:::::::*
cpe:2.3:o:fortinet:fortios:6.4.6:::::::*
cpe:2.3:o:fortinet:fortios:6.4.3:::::::*
cpe:2.3:o:fortinet:fortios:6.4.4:::::::*
cpe:2.3:o:fortinet:fortios:6.4.5:::::::*
cpe:2.3:a:fortinet:fortiproxy:2.0.3:::::::*
cpe:2.3:o:fortinet:fortios:5.2.14:::::::*
cpe:2.3:o:fortinet:fortios:5.2.15:::::::*
cpe:2.3:o:fortinet:fortios:5.4.11:::::::*
cpe:2.3:o:fortinet:fortios:5.4.13:::::::*
cpe:2.3:o:fortinet:fortios:5.4.12:::::::*
cpe:2.3:a:fortinet:fortiproxy:1.0.7:::::::*

Details

Source:
NVD

Published:
February 9, 2024

Updated:
February 13, 2024

Risk information

CVSS v3

Base score:
9.8

Severity:

CRITICAL

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined