Fortinet Products Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure and cross-site scripting on the targeted system.
[Updated on 2024-02-19]
For CVE-2024-21762, a out-of-bounds write vulnerability in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.
Note: This is potentially being exploited in the wild. Hence, the risk level is rated from Medium Risk to Extremely High Risk.
Impact
- Denial of Service
- Remote Code Execution
- Information Disclosure
- Cross-Site Scripting
System / Technologies affected
For CVE-2024-21762
- FortiOS 7.4 version 7.4.0 through 7.4.2
- FortiOS 7.2 version 7.2.0 through 7.2.6
- FortiOS 7.0 version 7.0.0 through 7.0.13
- FortiOS 6.4 version 6.4.0 through 6.4.14
- FortiOS 6.2 version 6.2.0 through 6.2.15
- FortiOS 6.0 version all versions
- FortiProxy 7.4 version 7.4.0 through 7.4.2
- FortiProxy 7.2 version 7.2.0 through 7.2.8
- FortiProxy 7.0 version 7.0.0 through 7.0.14
- FortiProxy 2.0 version 2.0.0 through 2.0.13
- FortiProxy 1.2 all versions
- FortiProxy 1.1 all versions
- FortiProxy 1.0 all versions
For Others CVE
- FortiProxy 7.4 version 7.4.0 through 7.4.1
- FortiProxy 7.2 version 7.2.0 through 7.2.7
- FortiProxy 7.0 all versions
- FortiOS 7.4 version 7.4.0 through 7.4.2
- FortiOS 7.2 version 7.2.0 through 7.2.6
- FortiOS 7.0 all versions
- FortiOS 6.4 version 6.4.0 through 6.4.14
- FortiOS 6.2 version 6.2.0 through 6.2.15
- FortiOS 6.0 all versions
- FortiNAC 9.4 version 9.4.0 through 9.4.3
- FortiNAC 9.2 all versions
- FortiNAC 9.1 all versions
- FortiNAC 8.8 all versions
- FortiNAC 8.7 all versions
- FortiNAC 8.6 all versions
- FortiNAC 8.5 all versions
- FortiNAC 8.3 all versions
- FortiNAC 7.2 version 7.2.0 through 7.2.2
- FortiClientEMS 7.2 version 7.2.0 through 7.2.2
- FortiClientEMS 7.0 version 7.0.6 through 7.0.10
- FortiClientEMS 7.0 version 7.0.0 through 7.0.4
- FortiClientEMS 6.4 all versions
- FortiClientEMS 6.2 all versions
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
For CVE-2024-21762
For Others CVE
- https://fortiguard.fortinet.com/psirt/FG-IR-23-063
- https://fortiguard.fortinet.com/psirt/FG-IR-23-301
- https://fortiguard.fortinet.com/psirt/FG-IR-23-357
- https://fortiguard.fortinet.com/psirt/FG-IR-23-397
- https://fortiguard.fortinet.com/psirt/FG-IR-24-029
Vulnerability Identifier
Source
Related Link
- https://fortiguard.fortinet.com/psirt/FG-IR-23-063
- https://fortiguard.fortinet.com/psirt/FG-IR-23-301
- https://fortiguard.fortinet.com/psirt/FG-IR-23-357
- https://fortiguard.fortinet.com/psirt/FG-IR-23-397
- https://fortiguard.fortinet.com/psirt/FG-IR-24-015
- https://fortiguard.fortinet.com/psirt/FG-IR-24-029
Related Tags
Share with