
Threat Alert: FortiOS SSL VPN (CVE-2024-21762)

February 9, 2024

Threat Alert: CVE-2024-21762 

FortiOS SSL VPN – Remote Code Execution 


A critical vulnerability has been identified in Fortinet’s FortiOS SSL VPN. The vulnerability is described as an out-of-bounds write attempt [CWE-787] that may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests.

Fortinet warns that this is “potentially being exploited in the wild” and advises disabling SSL VPN immediately if you cannot patch.

Affected versions and recommended patches are as follows: 

  • FortiOS 7.4.0 through 7.4.2 | Solution: Upgrade to 7.4.3 or above

  • FortiOS 7.2.0 through 7.2.6 | Solution: Upgrade to 7.2.7 or above

  • FortiOS 7.0.0 through 7.0.13 | Solution: Upgrade to 7.0.14 or above 

  • FortiOS 6.4.0 through 6.4.14 | Solution: Upgrade to 6.4.15 or above 

  • FortiOS 6.2.0 through 6.2.15 | Solution: Upgrade to 6.2.16 or above  

  • FortiOS 6.0 (all versions affected) | Solution: Migrate to a fixed release   

***SHORT-TERM WORKAROUND: DISABLE SSL VPN*** 
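
To triage a device inventory against the version list above, a check like the following can be used. It is an added example, not Fortinet's or Quadrant's code; the hostnames and the version strings in the sample are constructed, and branches the alert does not list are reported as "not-listed" rather than assumed safe.

```python
import re

# Affected branches from the list in this alert:
# branch -> (last affected patch level, first fixed release).
# None means every release on the branch is affected.
AFFECTED = {
    (7, 4): (2, "7.4.3"),
    (7, 2): (6, "7.2.7"),
    (7, 0): (13, "7.0.14"),
    (6, 4): (14, "6.4.15"),
    (6, 2): (15, "6.2.16"),
    (6, 0): (None, None),
}

# Matches "7.2.5", "v7.2.5" or a bare branch such as "6.0".
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)(?:\.(\d+))?\b")


def triage(version_text):
    """Return (status, action) for one reported FortiOS version string."""
    m = VERSION_RE.search(version_text)
    if not m:
        return ("unknown", "could not parse a version; check the device manually")
    branch = (int(m.group(1)), int(m.group(2)))
    if branch not in AFFECTED:
        # The alert says nothing about this branch, so do not call it safe.
        return ("not-listed", "branch is not covered by this alert")
    last_bad, fixed = AFFECTED[branch]
    if last_bad is None:
        return ("affected", "migrate to a fixed release")
    if m.group(3) is None:
        return ("unknown", "patch level missing; check the device manually")
    if int(m.group(3)) <= last_bad:
        return ("affected", f"upgrade to {fixed} or above")
    return ("fixed", "no action for this alert")


if __name__ == "__main__":
    # Constructed inventory; hostnames and version strings are made up.
    sample = {
        "fw-branch-01": "Version: FortiGate v7.2.5,build0000,000000 (GA)",
        "fw-hq-01": "7.4.3",
        "fw-lab-01": "v6.0.18",
    }
    for host, text in sample.items():
        status, action = triage(text)
        print(f"{host}: {status} - {action}")
```

Any device reported as affected that cannot be upgraded right away falls under the short-term workaround above: disable SSL VPN.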


What does this mean for Quadrant customers? There are no proofs of concept or indicators of compromise publicly available at this time. However, our team of Threat Analysts is monitoring the situation closely and will update our detections as soon as indicators are available.
