CVE-2024-21762

Published: Feb 9, 2024Modified: Oct 24, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests

Affected (10)

Products: Fortinet: Fortios, Fortiproxy

Fortinet

2 products

Fortios

Fortiproxy

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 6.0.0 to 6.0.18
Fortinet Fortios	From 6.2.0 to 6.2.16
Fortinet Fortios	From 6.4.0 to 6.4.15
Fortinet Fortios	From 7.0.0 to 7.0.14
Fortinet Fortios	From 7.2.0 to 7.2.7
Fortinet Fortios	From 7.4.0 to 7.4.3
Fortinet Fortiproxy	From 1.0.0 to 2.0.14
Fortinet Fortiproxy	From 7.0.0 to 7.0.15
Fortinet Fortiproxy	From 7.2.0 to 7.2.9
Fortinet Fortiproxy	From 7.4.0 to 7.4.3

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (3)

https://fortiguard.com/psirt/FG-IR-24-015

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-24-015

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21762

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.