PT-2023-8534 · Fortinet · FortiProxy, FortiOS

Published: 2023-02-09 · Updated: 2026-05-25 · CVE-2024-21762

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 6.0.0 through 7.4.2 and FortiProxy versions 2.0.0 through 7.4.2
Description: Fortinet FortiOS and FortiProxy contain an out-of-bounds write vulnerability in the sslvpnd component that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests. The vulnerability is actively exploited in the wild; approximately 150,000 systems are potentially affected globally, with a high concentration in the United States. Successful exploitation results in remote code execution (RCE), and a proof-of-concept (PoC) exploit is available.
Recommendations: For FortiOS versions 6.0.0 through 7.4.2 and FortiProxy versions 2.0.0 through 7.4.2, upgrade to a fixed version. As a temporary workaround until the upgrade is applied, disable SSL VPN (the sslvpnd component in which the vulnerability resides).
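As an added example (not part of the advisory and not Fortinet's code), a short triage script that maps a device inventory onto the affected ranges and the two recommendations above; the inventory, hostnames and version strings are constructed for illustration.

```python
# Added example (not from the advisory): triage a constructed device inventory
# against the affected ranges stated above. Versions are compared as numeric
# tuples, because plain string comparison would wrongly rank "7.4.10" below "7.4.2".
from typing import Dict, List, Tuple

# Affected ranges exactly as stated in the advisory (inclusive on both ends).
AFFECTED = {
    "FortiOS": ((6, 0, 0), (7, 4, 2)),
    "FortiProxy": ((2, 0, 0), (7, 4, 2)),
}

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'v7.4.10' or '7.4.2 build2571' into a numeric tuple such as (7, 4, 10)."""
    core = text.strip().lstrip("v").split()[0]   # drop a trailing build token, if any
    return tuple(int(part) for part in core.split("."))

def is_affected(product: str, version: str) -> bool:
    """True when the product/version falls inside the advisory's affected range."""
    if product not in AFFECTED:
        return False
    low, high = AFFECTED[product]
    return low <= parse_version(version) <= high

def triage(product: str, version: str, sslvpn_enabled: bool) -> str:
    """Map one device to the advisory's recommendation:
    exposed        : affected version with SSL VPN enabled -> upgrade, or disable SSL VPN now
    workaround_only: affected version, SSL VPN already disabled -> upgrade still required
    unaffected     : version outside the stated range"""
    if not is_affected(product, version):
        return "unaffected"
    return "exposed" if sslvpn_enabled else "workaround_only"

# Constructed sample inventory: (hostname, product, version, SSL VPN enabled?)
INVENTORY: List[Tuple[str, str, str, bool]] = [
    ("fw-edge-01", "FortiOS", "v7.4.2", True),
    ("fw-edge-02", "FortiOS", "v7.4.10", True),   # constructed version outside the range
    ("fw-lab-01", "FortiOS", "v7.0.12", False),
    ("proxy-01", "FortiProxy", "v2.0.0", True),
]

def triage_inventory(inventory: List[Tuple[str, str, str, bool]]) -> Dict[str, str]:
    """Return {hostname: status} for every device in the inventory."""
    return {host: triage(prod, ver, vpn) for host, prod, ver, vpn in inventory}

if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host}: {status}")
```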

Exploit · Fix · RCE · Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2024-01125
CVE-2024-21762
FORTINETSSLVPN_CVE_2024_21762

Affected Products

FortiOS
FortiProxy