CVE-2024-21762 - Overview, Insights & Trends

CVE-2024-21762

Published Feb 9, 2024

Last updated 6 months ago

Exploit knownCVSS critical 9.8
Fortinet
FortiOS

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-21762 is an out-of-bounds write vulnerability found in the SSL VPN component of Fortinet's FortiOS and FortiProxy. It resides in the SSL VPN functionality, potentially allowing unauthenticated, remote attackers to execute arbitrary code or commands on affected systems. This is achieved by sending specially crafted HTTP requests to a vulnerable device that has SSL VPN enabled, which can trigger a buffer overflow. Specifically, the vulnerability relates to the handling of HTTP requests using chunked transfer encoding. Analysis of the patch revealed that it introduces validation to ensure a certain value is less than 0x10, and if this condition isn't met, an "invalid chunk length string" is logged. Exploitation could lead to unauthorized access and control of the targeted systems.

Description
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests
Source
psirt@fortinet.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Fortinet FortiOS Out-of-Bound Write Vulnerability
Exploit added on
Feb 9, 2024
Exploit action due
Feb 16, 2024
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@fortinet.com
CWE-787

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

19

  1. フォーティネットの重大(Critical)な脆弱性をQilinランサムウェア集団が悪用している。PRODAFT社報告。中程度の信頼度で、CVE-2024-21762やCVE-2024-55591等を悪用。 https://t.co/XScMoF8cu2

    @__kokumoto

    7 Jun 2025

    1480 Impressions

    1 Retweet

    15 Likes

    6 Bookmarks

    0 Replies

    1 Quote

  2. 🚨مجموعة الفدية Qilin تقوم حاليًا باستغلالٍ نشط لثغرات أمنية حرجة في أنظمة Fortigate (مثل CVE-2024-21762 و CVE-2024-55591)، في هجماتٍ مؤتمتة بالكامل، باستثناء اختيار الضحايا

    @abdul__alamri

    6 Jun 2025

    594 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. 🚨 Threat actors are actively exploiting Fortigate vulnerabilities (CVE-2024-21762, CVE-2024-55591, and others) to deploy Qilin ransomware. The attack is fully automated, with only victim selection done manually. Details in our flash alert on CATALYST: https://t.co/BDjEX2KqqO

    @PRODAFT

    6 Jun 2025

    5542 Impressions

    16 Retweets

    33 Likes

    18 Bookmarks

    0 Replies

    0 Quotes

  4. An ninh mạng tháng 02/2025: Lỗ hổng và sự kiện nổi bật Bản tin tháng 02/2025 từ FPT Cloud tổng hợp các lỗ hổng bảo mật nghiêm trọng như CVE-2024-23897, CVE-2024-21762... Đọc chi tiết: https://t.co/Xc6CCjEF8m #fptcloud #cloud_sever_fpt #A

    @fptcloud1

    18 May 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2024-21762

    @transilienceai

    22 Apr 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. ⚡ Even patching won't save you. Fortinet confirms attackers kept read-only access to FortiGate devices after patching old flaws (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) via hidden symlink in SSL-VPN. https://t.co/gqXSmXNMa4

    @achi_tech

    19 Apr 2025

    103 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities: Fortinet is aware of a threat actor creating a malicious file from previously exploited Fortinet vulnerabilities (CVE-2024-21762, CVE-2023-27997, and CVE-2022-42475) within FortiGate prod ...

    @AnnieDo52640257

    15 Apr 2025

    128 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Fortinetのゼロデイ脆弱性、任意のコード実行につながる可能性あり(CVE-2022-42475、CVE-2023-27997、CVE-2024-21762) https://t.co/s2zvEqFPp0 #Security #セキュリティ #ニュース

    @SecureShield_

    15 Apr 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Compromise and persistent access of Fortinet FortiOS products (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) https://t.co/RvWSwRITk1 https://t.co/yl2K6pPyT2

    @djhsecurity

    14 Apr 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Fortinet VPNs Still at Risk Despite Patching Fortinet warns that attackers are maintaining access to compromised FortiGate VPN devices even after security patches. Exploited vulnerabilities include CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. 🔍 How? Hackers left behind

    @ChbibAnas

    13 Apr 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Fortinet warns that attackers can maintain read-only access to FortiGate devices via a symbolic link, even after patching vulnerabilities like CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762, affecting SSL-VPN-enabled devices. https://t.co/gMCtKRq5gy

    @Cyber_O51NT

    13 Apr 2025

    717 Impressions

    2 Retweets

    4 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  12. Fortigateデバイスの脆弱性CVE-2022-42475、CVE-2023-27997、CVE-2024-21762などを悪用しユーザーファイルシステムとルートファイルシステムを接続するシンボリックリンクを作成することで読み取り専用アクセスを維持する方法が発見されたとのこと。 https://t.co/n7FwIJDivV

    @ntsuji

    12 Apr 2025

    2640 Impressions

    3 Retweets

    12 Likes

    6 Bookmarks

    2 Replies

    0 Quotes

  13. Fortinetによれば、最近、既知の脆弱性(CVE-2022-42475、CVE-2023-27997、CVE-2024-21762など)を悪用した攻撃が確認され、新しい手法でFortiGate製品に対して”read-only”のアクセスを維持する事例が発見されました。 ただし、SSL-VPNを有効化していない環境は影響を受けません。 https://t.co/rJ9Vc1KSVE

    @t_nihonmatsu

    12 Apr 2025

    416 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. ⚡ Even patching won't save you. Fortinet confirms attackers kept read-only access to FortiGate devices after patching old flaws (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) via hidden symlink in SSL-VPN. Full details 👉 https://t.co/AbzC2WPo4r

    @TheHackersNews

    11 Apr 2025

    72569 Impressions

    74 Retweets

    154 Likes

    47 Bookmarks

    4 Replies

    8 Quotes

  15. 2024 已经快结束了, 简单总结下吧 一、工作和学习: (1) obsidian 更新或记录了近60篇笔记, 但是博客只更新了 5篇 (2) 漏洞挖掘和漏洞分析方面,基本分析了一年来热度笔记大的安全设备漏洞或者安全事件比如 CVE-2024-21762 、CVE-2024-3400… https://t.co/AJk1Q80OSc

    @bestswngs

    31 Dec 2024

    1368 Impressions

    0 Retweets

    21 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  16. Think VPNs keep you secure? Think again. Our latest article exposes shocking vulnerabilities like CVE-2024-24919 and CVE-2024-21762 that hackers are already exploiting. Don’t miss out—learn how to truly protect your networks! https://t.co/54wYCzTDja @three_cube https://t.co/TTD

    @_aircorridor

    3 Nov 2024

    1115 Impressions

    5 Retweets

    12 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  17. Actively exploited CVE : CVE-2024-21762

    @transilienceai

    23 Oct 2024

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.