【Vulnerability Alert】Fortinet FortiOS and FortiProxy have high-risk security vulnerabilities (CVE-2024-21762). Please confirm and patch them as soon as possible!
publish date :
2024-03-07
update date :
2024-04-15
Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2024030604034545 | Publication Time | 2024/03/06 16:17 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2024/03/06 16:17 |
Impact Level | Medium | ||
[Subject] 【Vulnerability Alert】Fortinet FortiOS and FortiProxy have high-risk security vulnerabilities (CVE-2024-21762). Please confirm and patch them as soon as possible! |
|||
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202403-00000009 Researchers have discovered out-of-bounds write vulnerabilities (CVE-2024-21762) in Fortinet FortiOS and FortiProxy, allowing remote attackers without authentication to execute arbitrary code or commands via specially crafted HTTP requests. This vulnerability is currently being exploited by hackers, please confirm and patch it as soon as possible. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
[Affected Platform] ● FortiOS 7.4.0 to 7.4.2 ● FortiOS 7.2.0 to 7.2.6 ● FortiOS 7.0.0 to 7.0.13 ● FortiOS 6.4.0 to 6.4.14 ● FortiOS 6.2.0 to 6.2.15 ● FortiOS 6.0.0 to 6.0.17 ● FortiProxy 7.4.0 to 7.4.2 ● FortiProxy 7.2.0 to 7.2.8 ● FortiProxy 7.0.0 to 7.0.14 ● FortiProxy 2.0.0 to 2.0.13 ● FortiProxy 1.2 all versions ● FortiProxy 1.1 all versions ● FortiProxy 1.0 all versions |
|||
[Recommended Actions] Official fixes for the vulnerability have been released. Please update to the following versions: ● FortiOS 7.4.3 or later, 7.2.7 or later, 7.0.14 or later, 6.4.15 or later, 6.2.16 or later, and 6.0.18 or later. ● FortiProxy 7.4.3 or later, 7.2.9 or later, 7.0.15 or later, and 2.0.14 or later versions. For all versions of 1.2, 1.1, and 1.0, please upgrade to the aforementioned versions with patches. |
|||
[Reference] 1. https://cwe.mitre.org/data/definitions/787.html 2. https://www.fortiguard.com/psirt/FG-IR-24-015 3. https://nvd.nist.gov/vuln/detail/CVE-2024-21762 |
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center