9.8
CVE-2024-21762
- EPSS 92.68%
- Published 09.02.2024 09:15:08
- Last modified 29.11.2024 15:23:32
- Source psirt@fortinet.com
An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.
Data is provided by the National Vulnerability Database (NVD)
Fortinet ≫ Fortiproxy Version >= 1.0.0 < 2.0.14
Fortinet ≫ Fortiproxy Version >= 7.0.0 < 7.0.15
Fortinet ≫ Fortiproxy Version >= 7.2.0 < 7.2.9
Fortinet ≫ Fortiproxy Version >= 7.4.0 < 7.4.3
09.02.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Fortinet FortiOS Out-of-Bound Write Vulnerability
Description: Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
09.02.2024: CERT.at warning
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 92.68% | 0.997 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
psirt@fortinet.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.