Description
An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, and FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.
References
https://www.bleepingcomputer.com/news/security/exploit-released-for-fortinet-rce-bug-used-in-attacks-patch-now/
https://isc.sans.edu/diary/rss/30762
https://www.theregister.com/2024/03/18/more_than_133000_fortinet_appliances/
https://github.com/h4x0r-dz/CVE-2024-21762
https://securityaffairs.com/160224/hacking/fortios-bug-cve-2024-21762-150k-devices.html
https://www.bleepingcomputer.com/news/security/critical-fortinet-flaw-may-impact-150-000-exposed-devices/
https://www.rapid7.com/blog/post/2024/02/12/etr-critical-fortinet-fortios-cve-2024-21762-exploited/
https://www.hivepro.com/threat-advisory/critical-vulnerability-in-fortios-ssl-vpn-exploited-in-the-wild/
https://thecyberthrone.in/2024/02/11/cisa-adds-fortinet-bug-to-its-kev-catalog/
https://securityaffairs.com/158955/hacking/cisa-fortinet-fortios-bug-known-exploited-vulnerabilities-catalog.html
https://www.tenable.com/blog/cve-2024-21762-critical-fortinet-fortios-out-of-bound-write-ssl-vpn-vulnerability
https://securityaffairs.com/158908/hacking/fortinet-fortios-rce-exploitation.html
https://www.bleepingcomputer.com/news/security/new-fortinet-rce-flaw-in-ssl-vpn-likely-exploited-in-attacks/
https://fortiguard.com/psirt/FG-IR-24-015