Recent disclosures from cyber security researchers have shed light on CVE-2024-21762 within Fortinet’s FortiOS and FortiProxy products, raising concerns about potential exploitation in the wild. As of March 2024, CISA has issued multiple warnings about this vulnerability which affects over 150,000 devices, reiterating the importance of its immediate remediation.
Here’s everything you need to know.
What is CVE-2024-21762?
On February 8, Fortinet published an advisory (FG-IR-24-015) to address a critical flaw in its network operating system, FortiOS.
CVE-2024-21762 is a severe out-of-bounds write vulnerability discovered in Fortinet’s FortiOS and FortiProxy products. This flaw, with a CVSS score of 9.6, poses a significant risk of remote code execution (RCE) by allowing unauthenticated attackers to execute arbitrary code or commands via specially crafted HTTP requests. The vulnerability resides in the SSL VPN functionality of affected products, making them susceptible to exploitation by threat actors.
Does CVE-2024-21762 affect me?
Organizations utilizing FortiOS versions ranging from 6.0 to 7.4 and FortiProxy products are vulnerable to CVE-2024-21762. It is estimated that over 150,000 devices are affected.
Notably, FortiOS 7.6 remains unaffected by this vulnerability. If your organization relies on any of the impacted versions, it’s crucial to prioritize patching or implement recommended workarounds promptly. Failure to address this vulnerability promptly may expose your systems to exploitation, potentially resulting in unauthorized access and data breaches.
The National Vulnerability Database (NVD) lists the following affected versions of FortiOS and FortiProxy:
- FortiOS 7.4.0 to 7.4.2
- FortiOS 7.2.0 to 7.2.6
- FortiOS 7.0.0 to 7.0.13
- FortiOS 6.4.0 to 6.4.14
- FortiOS 6.2.0 to 6.2.15
- FortiOS 6.0.0 to 6.0.17
- FortiProxy 7.2.0 to 7.4.2
- FortiProxy 7.2.0 to 7.2.8
- FortiProxy 7.0.0 to 7.0.14
- FortiProxy 2.0.0 to 2.0.13
- FortiProxy 1.2.0 to 1.2.13
- FortiProxy 1.1.0 to 1.1.6
- FortiProxy 1.0.0 to 1.0.7
Has CVE-2024-21762 been actively exploited in the wild?
While specific details regarding exploitation in the wild remain undisclosed, Fortinet has issued warnings indicating the likelihood of CVE-2024-21762 being actively exploited by threat actors. The existence of active exploitation underscores the urgency of addressing this vulnerability to prevent potential compromise and protect sensitive data. Organizations must remain vigilant and proactive in their security posture to mitigate the risks associated with this vulnerability.
How to fix CVE-2024-21762?
The National Vulnerability Database (NVD) provides a comprehensive list of affected versions of FortiOS and FortiProxy products. It is imperative for organizations to identify and prioritize patching vulnerable systems promptly. Fortinet has also outlined recommended upgrade paths and mitigation strategies to assist organizations in effectively addressing CVE-2024-21762 and fortifying their security defenses against potential threats.
| Branch | Affected Versions | Fixed Versions |
| FortiOS 6.0 | FortiOS 6.0.0 (all versions) | Migrate to a newer version |
| FortiOS 6.2 | FortiOS 6.2.0 through 6.2.15 | FortiOS 6.2.16 or above |
| FortiOS 6.4 | FortiOS 6.4.0 through 6.4.14 | FortiOS 6.4.15 or above |
| FortiOS 7.0 | FortiOS 7.0.0 through 7.0.13 | FortiOS 7.0.14 or above |
| FortiOS 7.2 | FortiOS 7.2.0 through 7.2.6 | FortiOS 7.2.7 or above |
| FortiOS 7.4 | FortiOS 7.4.0 through 7.4.2 | FortiOS 7.4.3 or above |
| FortiOS 7.6 | Not Affected | N/A |
Fortinet faces week of vulnerabilities
In addition to CVE-2024-21762, Fortinet has addressed three other critical vulnerabilities impacting FortiOS and FortiSIEM products. While these vulnerabilities may not be actively exploited at present, they highlight the ongoing importance of proactive vulnerability management and timely patching to safeguard against emerging threats. By maintaining a robust security posture and promptly addressing vulnerabilities, organizations can mitigate the risk of exploitation and protect their assets from cyber threats.
The disclosure of CVE-2024-21762 and other critical vulnerabilities underscores the dynamic and evolving nature of cyber security threats. Organizations must remain vigilant, stay informed about emerging vulnerabilities, and take proactive measures to secure their systems.
By promptly patching vulnerable systems and implementing robust security practices, organizations can mitigate the risks posed by CVE-2024-21762 and other emerging threats, thereby safeguarding their digital assets and maintaining the integrity of their IT infrastructure.
Next steps
Each new vulnerability is a reminder of where we stand and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors:
