9.8
CVE-2024-21762
- EPSS 92.68%
- Published 09.02.2024 09:15:08
- Last modified 29.11.2024 15:23:32
- Source psirt@fortinet.com
An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.
Data is provided by the National Vulnerability Database (NVD)
Fortinet ≫ Fortiproxy Version >= 1.0.0 < 2.0.14
Fortinet ≫ Fortiproxy Version >= 7.0.0 < 7.0.15
Fortinet ≫ Fortiproxy Version >= 7.2.0 < 7.2.9
Fortinet ≫ Fortiproxy Version >= 7.4.0 < 7.4.3
09.02.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
- Vulnerability: Fortinet FortiOS Out-of-Bound Write Vulnerability
- Description: Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.
- Required actions: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

09.02.2024: CERT.at Warning
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 92.68% | 0.997 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
psirt@fortinet.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.