- Description
- A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Fortinet FortiOS Out-of-Bound Write Vulnerability
- Exploit added on
- Feb 9, 2024
- Exploit action due
- Feb 16, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- psirt@fortinet.com
- CWE-787
- Hype score
- Not currently trending
2024 已经快结束了, 简单总结下吧 一、工作和学习: (1) obsidian 更新或记录了近60篇笔记, 但是博客只更新了 5篇 (2) 漏洞挖掘和漏洞分析方面,基本分析了一年来热度笔记大的安全设备漏洞或者安全事件比如 CVE-2024-21762 、CVE-2024-3400… https://t.co/AJk1Q80OSc
@bestswngs
31 Dec 2024
1368 Impressions
0 Retweets
21 Likes
1 Bookmark
1 Reply
0 Quotes
Think VPNs keep you secure? Think again. Our latest article exposes shocking vulnerabilities like CVE-2024-24919 and CVE-2024-21762 that hackers are already exploiting. Don’t miss out—learn how to truly protect your networks! https://t.co/54wYCzTDja @three_cube https://t.co/TTD
@_aircorridor
3 Nov 2024
1115 Impressions
5 Retweets
12 Likes
7 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-21762
@transilienceai
23 Oct 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "614BFD88-3C7A-4F6F-BD26-F53E4BC464D7",
"versionEndExcluding": "2.0.14",
"versionStartIncluding": "1.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72ED8947-DBF3-483B-B267-117403A3D8E3",
"versionEndExcluding": "7.0.15",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF62C95E-AB35-4A8E-84F8-5197E9D33C21",
"versionEndExcluding": "7.2.9",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A077234-F19C-4E87-A7A5-A266B5C903C7",
"versionEndExcluding": "7.4.3",
"versionStartIncluding": "7.4.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE33B892-8CBB-4E16-B529-A1A0C48CE664",
"versionEndExcluding": "6.0.18",
"versionStartIncluding": "6.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DF10835-8DE2-415B-9EE8-99FFD699193E",
"versionEndExcluding": "6.2.16",
"versionStartIncluding": "6.2.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E29353F-8791-4117-BA7A-E32FAB8348A4",
"versionEndExcluding": "6.4.15",
"versionStartIncluding": "6.4.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C119229A-3805-47C1-B3F9-AF1A4007A63B",
"versionEndExcluding": "7.0.14",
"versionStartIncluding": "7.0.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "553C4BA9-953B-4017-8498-785BDA7A3006",
"versionEndExcluding": "7.2.7",
"versionStartIncluding": "7.2.0"
},
{
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "757A5257-6103-4DC5-B79F-727E4279614A",
"versionEndExcluding": "7.4.3",
"versionStartIncluding": "7.4.0"
}
],
"operator": "OR"
}
]
}
]