CVE-2024-21762: This vulnerability, identified as CVE-2024-21762, is a critical security flaw in Fortinet's FortiOS and FortiProxy products. It allows an attacker to execute unauthorized code or commands via specifically crafted requests.


Description

CVE-2024-21762 is a critical vulnerability that exists in Fortinet's FortiOS and FortiProxy products. The vulnerability is due to an out-of-bounds write error that could allow an attacker to execute unauthorized code or commands via specifically crafted requests. The affected versions of FortiOS are 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17. The affected versions of FortiProxy are 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7. The vulnerability has a CVSS base score of 9.6, indicating a high level of severity.

Overview

The vulnerability is due to an out-of-bounds write error in Fortinet's FortiOS and FortiProxy products. This error allows an attacker to execute unauthorized code or commands via specifically crafted requests. The vulnerability has been assigned the identifier CVE-2024-21762 and has a CVSS base score of 9.6, indicating a high level of severity.

Remediation

Users are advised to upgrade their FortiProxy and FortiOS to the latest versions to mitigate the vulnerability. Specifically, users should upgrade to one of the following fixed releases:

  1. FortiProxy version 7.4.3 or above
  2. FortiProxy version 7.2.9 or above
  3. FortiProxy version 7.0.15 or above
  4. FortiProxy version 2.0.14 or above
  5. FortiOS version 7.6.0 or above
  6. FortiOS version 7.4.3 or above
  7. FortiOS version 7.2.7 or above
  8. FortiOS version 7.0.14 or above
  9. FortiOS version 6.4.15 or above
  10. FortiOS version 6.2.16 or above
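The affected ranges and fixed releases above only help if they are applied to an asset inventory. The following checker is an added example, not Armis or Fortinet code: it transcribes this page's version ranges, classifies a build as inside or outside an affected range, and flags branches for which this page lists no fixed build (FortiOS 6.0.x, FortiProxy 1.x). The sample inventory, hostnames and the `triage` helper are constructed for illustration.

```python
from typing import Dict, List, NamedTuple, Optional

def parse_version(v: str) -> tuple:
    """'7.0.13' -> (7, 0, 13): integer tuples compare correctly, unlike strings."""
    return tuple(int(p) for p in v.strip().split("."))

class Branch(NamedTuple):
    first: str            # first affected build on this branch
    last: str             # last affected build on this branch
    fixed: Optional[str]  # first fixed build, or None where the page lists no fix

# Affected ranges and fixed releases exactly as stated on this page.
AFFECTED: Dict[str, List[Branch]] = {
    "FortiOS": [Branch("7.4.0", "7.4.2", "7.4.3"), Branch("7.2.0", "7.2.6", "7.2.7"),
                Branch("7.0.0", "7.0.13", "7.0.14"), Branch("6.4.0", "6.4.14", "6.4.15"),
                Branch("6.2.0", "6.2.15", "6.2.16"), Branch("6.0.0", "6.0.17", None)],
    "FortiProxy": [Branch("7.4.0", "7.4.2", "7.4.3"), Branch("7.2.0", "7.2.8", "7.2.9"),
                   Branch("7.0.0", "7.0.14", "7.0.15"), Branch("2.0.0", "2.0.13", "2.0.14"),
                   Branch("1.2.0", "1.2.13", None), Branch("1.1.0", "1.1.6", None),
                   Branch("1.0.0", "1.0.7", None)],
}

def assess(product: str, version: str) -> dict:
    """Report whether one build sits inside an affected range, and the branch's fixed build."""
    if product not in AFFECTED:
        raise ValueError(f"unknown product: {product}")
    v = parse_version(version)
    for br in AFFECTED[product]:
        if parse_version(br.first) <= v <= parse_version(br.last):
            return {"vulnerable": True, "branch": br.first, "fixed_in": br.fixed}
    return {"vulnerable": False, "branch": None, "fixed_in": None}

def triage(inventory: List[dict]) -> List[dict]:
    """Keep only the assets still inside an affected range, annotated with the fix."""
    return [{**a, "fixed_in": r["fixed_in"]} for a in inventory
            if (r := assess(a["product"], a["version"]))["vulnerable"]]

# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    {"host": "fw-edge-01", "product": "FortiOS", "version": "7.2.6"},
    {"host": "fw-edge-02", "product": "FortiOS", "version": "7.2.7"},
    {"host": "proxy-01", "product": "FortiProxy", "version": "1.2.13"},
    {"host": "fw-lab", "product": "FortiOS", "version": "7.6.0"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        fix = f["fixed_in"] or "no fixed build listed here; consult the Fortinet advisory"
        print(f"{f['host']}: {f['product']} {f['version']} affected -> upgrade to {fix}")
```

A build one above the last affected version on its branch (for example FortiOS 7.2.7) is reported as not affected, matching the fixed releases listed above.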

References

For more information about this vulnerability, please refer to the official Fortinet advisory at https://fortiguard.com/psirt/FG-IR-24-015. Additionally, the vulnerability is listed in the CISA Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21762.

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing
  2. Public Administration
  3. Retail Trade
  4. Arts, Entertainment & Recreation
  5. Other Services (except Public Administration)
  6. Educational Services
  7. Finance and Insurance
  8. Professional, Scientific, & Technical Services
  9. Transportation & Warehousing
  10. Accommodation & Food Services
  11. Administrative, Support, Waste Management & Remediation Services
  12. Agriculture, Forestry, Fishing & Hunting
  13. Construction
  14. Health Care & Social Assistance
  15. Information
  16. Management of Companies & Enterprises
  17. Mining
  18. Real Estate Rental & Leasing
  19. Utilities
  20. Wholesale Trade

Armis Vulnerability Intelligence Database