This critical vulnerability in Fortinet FortiOS and FortiProxy allows unauthenticated remote code execution and is currently listed as a known exploited vulnerability by CISA.

What Is It

CVE-2024-21762 is an out-of-bounds write vulnerability classified under CWE-787. It enables a remote unauthenticated attacker to execute unauthorized code or commands via specially crafted HTTP requests against the affected systems.

Why It Matters

The vulnerability carries a CVSS v3.1 base score of 9.8, rated Critical. Attackers require no privileges or user interaction and can exploit it over the network with low complexity. CISA KEV data confirms this flaw is currently being used in known ransomware campaigns, indicating active exploitation in the wild.

What's Vulnerable

Affected products include FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, and 6.0.0 through 6.0.17. FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, and 1.0.0 through 1.0.7 are also impacted.

Patch Status

CISA mandates remediation by the due date of 2024-02-16. Organizations must apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Immediate action is required to prevent unauthorized access and potential ransomware deployment.

Sources