Skip to main content

Fortinet Products Multiple Vulnerabilities

Last Update Date: 19 Feb 2024 Release Date: 9 Feb 2024 4658 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure and cross-site scripting on the targeted system.

 

[Updated on 2024-02-19] 

For CVE-2024-21762, a out-of-bounds write vulnerability in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.

Note: This is potentially being exploited in the wild. Hence, the risk level is rated from Medium Risk to Extremely High Risk.


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure
  • Cross-Site Scripting

System / Technologies affected

For CVE-2024-21762

  • FortiOS 7.4 version 7.4.0 through 7.4.2
  • FortiOS 7.2 version 7.2.0 through 7.2.6
  • FortiOS 7.0 version 7.0.0 through 7.0.13
  • FortiOS 6.4 version 6.4.0 through 6.4.14
  • FortiOS 6.2 version 6.2.0 through 6.2.15
  • FortiOS 6.0 version all versions
  • FortiProxy 7.4 version 7.4.0 through 7.4.2
  • FortiProxy 7.2 version 7.2.0 through 7.2.8
  • FortiProxy 7.0 version 7.0.0 through 7.0.14
  • FortiProxy 2.0 version 2.0.0 through 2.0.13
  • FortiProxy 1.2 all versions
  • FortiProxy 1.1 all versions
  • FortiProxy 1.0 all versions

 

For Others CVE

  • FortiProxy 7.4 version 7.4.0 through 7.4.1
  • FortiProxy 7.2 version 7.2.0 through 7.2.7
  • FortiProxy 7.0 all versions
  • FortiOS 7.4 version 7.4.0 through 7.4.2
  • FortiOS 7.2 version 7.2.0 through 7.2.6
  • FortiOS 7.0 all versions
  • FortiOS 6.4 version 6.4.0 through 6.4.14
  • FortiOS 6.2 version 6.2.0 through 6.2.15
  • FortiOS 6.0 all versions
  • FortiNAC 9.4 version 9.4.0 through 9.4.3
  • FortiNAC 9.2 all versions
  • FortiNAC 9.1 all versions
  • FortiNAC 8.8 all versions
  • FortiNAC 8.7 all versions
  • FortiNAC 8.6 all versions
  • FortiNAC 8.5 all versions
  • FortiNAC 8.3 all versions
  • FortiNAC 7.2 version 7.2.0 through 7.2.2
  • FortiClientEMS 7.2 version 7.2.0 through 7.2.2
  • FortiClientEMS 7.0 version 7.0.6 through 7.0.10
  • FortiClientEMS 7.0 version 7.0.0 through 7.0.4
  • FortiClientEMS 6.4 all versions
  • FortiClientEMS 6.2 all versions

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

For CVE-2024-21762

For Others CVE


Vulnerability Identifier


Source


Related Link