CVE-2024-21762
Published Feb 9, 2024
Last updated 5 months ago
AI description
CVE-2024-21762 is an out-of-bounds write vulnerability in the SSL VPN component of Fortinet's FortiOS and FortiProxy. It potentially allows unauthenticated, remote attackers to execute arbitrary code or commands on affected systems by sending specially crafted HTTP requests to a vulnerable device that has SSL VPN enabled, which can trigger a buffer overflow. Specifically, the vulnerability relates to the handling of HTTP requests that use chunked transfer encoding. Analysis of the patch revealed that it introduces validation to ensure a certain value is less than 0x10; if this condition isn't met, an "invalid chunk length string" message is logged. Exploitation could lead to unauthorized access and control of the targeted systems.
- Description: An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.
- Source: psirt@fortinet.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Fortinet FortiOS Out-of-Bound Write Vulnerability
- Exploit added on: Feb 9, 2024
- Exploit action due: Feb 16, 2024
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- psirt@fortinet.com
- CWE-787
Actively exploited CVE : CVE-2024-21762
@transilienceai
22 Apr 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚡ Even patching won't save you. Fortinet confirms attackers kept read-only access to FortiGate devices after patching old flaws (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) via hidden symlink in SSL-VPN. https://t.co/gqXSmXNMa4
@achi_tech
19 Apr 2025
103 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities: Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities (CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475) within FortiGate prod ...
@AnnieDo52640257
15 Apr 2025
128 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet zero-day vulnerabilities may lead to arbitrary code execution (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) https://t.co/s2zvEqFPp0 #Security #セキュリティ #ニュース
@SecureShield_
15 Apr 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Compromise and persistent access of Fortinet FortiOS products (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) https://t.co/RvWSwRITk1 https://t.co/yl2K6pPyT2
@djhsecurity
14 Apr 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Fortinet VPNs Still at Risk Despite Patching Fortinet warns that attackers are maintaining access to compromised FortiGate VPN devices even after security patches. Exploited vulnerabilities include CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. 🔍 How? Hackers left behind
@ChbibAnas
13 Apr 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Fortinet warns that attackers can maintain read-only access to FortiGate devices via a symbolic link, even after patching vulnerabilities like CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762, affecting SSL-VPN-enabled devices. https://t.co/gMCtKRq5gy
@Cyber_O51NT
13 Apr 2025
717 Impressions
2 Retweets
4 Likes
2 Bookmarks
1 Reply
0 Quotes
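It has reportedly been discovered that attackers exploited FortiGate device vulnerabilities such as CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762 and maintained read-only access by creating a symbolic link connecting the user file system and the root file system. https://t.co/n7FwIJDivV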
@ntsuji
12 Apr 2025
2640 Impressions
3 Retweets
12 Likes
6 Bookmarks
2 Replies
0 Quotes
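According to Fortinet, attacks exploiting known vulnerabilities (such as CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762) were recently confirmed, and cases were discovered in which a new technique was used to maintain "read-only" access to FortiGate products. However, environments where SSL-VPN has not been enabled are not affected. https://t.co/rJ9Vc1KSVE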
@t_nihonmatsu
12 Apr 2025
416 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
⚡ Even patching won't save you. Fortinet confirms attackers kept read-only access to FortiGate devices after patching old flaws (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) via hidden symlink in SSL-VPN. Full details 👉 https://t.co/AbzC2WPo4r
@TheHackersNews
11 Apr 2025
72569 Impressions
74 Retweets
154 Likes
47 Bookmarks
4 Replies
8 Quotes
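2024 is almost over, so here is a brief summary. 1. Work and study: (1) I updated or recorded nearly 60 notes in Obsidian, but only updated the blog with 5 posts. (2) In vulnerability hunting and vulnerability analysis, I analyzed most of the year's high-profile security appliance vulnerabilities or security incidents, such as CVE-2024-21762, CVE-2024-3400… https://t.co/AJk1Q80OSc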
@bestswngs
31 Dec 2024
1368 Impressions
0 Retweets
21 Likes
1 Bookmark
1 Reply
0 Quotes
Think VPNs keep you secure? Think again. Our latest article exposes shocking vulnerabilities like CVE-2024-24919 and CVE-2024-21762 that hackers are already exploiting. Don’t miss out—learn how to truly protect your networks! https://t.co/54wYCzTDja @three_cube https://t.co/TTD
@_aircorridor
3 Nov 2024
1115 Impressions
5 Retweets
12 Likes
7 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-21762
@transilienceai
23 Oct 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "614BFD88-3C7A-4F6F-BD26-F53E4BC464D7",
            "versionEndExcluding": "2.0.14",
            "versionStartIncluding": "1.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72ED8947-DBF3-483B-B267-117403A3D8E3",
            "versionEndExcluding": "7.0.15",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF62C95E-AB35-4A8E-84F8-5197E9D33C21",
            "versionEndExcluding": "7.2.9",
            "versionStartIncluding": "7.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A077234-F19C-4E87-A7A5-A266B5C903C7",
            "versionEndExcluding": "7.4.3",
            "versionStartIncluding": "7.4.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE33B892-8CBB-4E16-B529-A1A0C48CE664",
            "versionEndExcluding": "6.0.18",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DF10835-8DE2-415B-9EE8-99FFD699193E",
            "versionEndExcluding": "6.2.16",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E29353F-8791-4117-BA7A-E32FAB8348A4",
            "versionEndExcluding": "6.4.15",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C119229A-3805-47C1-B3F9-AF1A4007A63B",
            "versionEndExcluding": "7.0.14",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "553C4BA9-953B-4017-8498-785BDA7A3006",
            "versionEndExcluding": "7.2.7",
            "versionStartIncluding": "7.2.0"
          },
          {
            "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "757A5257-6103-4DC5-B79F-727E4279614A",
            "versionEndExcluding": "7.4.3",
            "versionStartIncluding": "7.4.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]