Voyager18 (research)

Urgent alert: Fix CVE-2024-21762 in FortiOS

CVE-2024-21762 has been discovered in FortIOS products, and demands our attention. Here's everything you need to know.

Yair Divinsky | March 11, 2024

Recent disclosures from cyber security researchers have shed light on CVE-2024-21762 within Fortinet’s FortiOS and FortiProxy products, raising concerns about potential exploitation in the wild. As of March 2024, CISA has issued multiple warnings about this vulnerability which affects over 150,000 devices, reiterating the importance of its immediate remediation.

Here’s everything you need to know.

What is CVE-2024-21762?

On February 8, Fortinet published an advisory (FG-IR-24-015) to address a critical flaw in its network operating system, FortiOS.  

CVE-2024-21762 is a severe out-of-bounds write vulnerability discovered in Fortinet’s FortiOS and FortiProxy products. This flaw, with a CVSS score of 9.6, poses a significant risk of remote code execution (RCE) by allowing unauthenticated attackers to execute arbitrary code or commands via specially crafted HTTP requests. The vulnerability resides in the SSL VPN functionality of affected products, making them susceptible to exploitation by threat actors. 

Does CVE-2024-21762 affect me? 

Organizations utilizing FortiOS versions ranging from 6.0 to 7.4 and FortiProxy products are vulnerable to CVE-2024-21762. It is estimated that over 150,000 devices are affected. 

Notably, FortiOS 7.6 remains unaffected by this vulnerability. If your organization relies on any of the impacted versions, it’s crucial to prioritize patching or implement recommended workarounds promptly. Failure to address this vulnerability promptly may expose your systems to exploitation, potentially resulting in unauthorized access and data breaches. 

The National Vulnerability Database (NVD) lists the following affected versions of FortiOS and FortiProxy: 

  • FortiOS 7.4.0 to 7.4.2 
  • FortiOS 7.2.0 to 7.2.6 
  • FortiOS 7.0.0 to 7.0.13 
  • FortiOS 6.4.0 to 6.4.14 
  • FortiOS 6.2.0 to 6.2.15 
  • FortiOS 6.0.0 to 6.0.17 
  • FortiProxy 7.2.0 to 7.4.2 
  • FortiProxy 7.2.0 to 7.2.8 
  • FortiProxy 7.0.0 to 7.0.14 
  • FortiProxy 2.0.0 to 2.0.13 
  • FortiProxy 1.2.0 to 1.2.13 
  • FortiProxy 1.1.0 to 1.1.6 
  • FortiProxy 1.0.0 to 1.0.7 

Has CVE-2024-21762 been actively exploited in the wild? 

While specific details regarding exploitation in the wild remain undisclosed, Fortinet has issued warnings indicating the likelihood of CVE-2024-21762 being actively exploited by threat actors. The existence of active exploitation underscores the urgency of addressing this vulnerability to prevent potential compromise and protect sensitive data. Organizations must remain vigilant and proactive in their security posture to mitigate the risks associated with this vulnerability. 



How to fix CVE-2024-21762?

The National Vulnerability Database (NVD) provides a comprehensive list of affected versions of FortiOS and FortiProxy products. It is imperative for organizations to identify and prioritize patching vulnerable systems promptly. Fortinet has also outlined recommended upgrade paths and mitigation strategies to assist organizations in effectively addressing CVE-2024-21762 and fortifying their security defenses against potential threats. 


Affected Versions 

Fixed Versions 

FortiOS 6.0 

FortiOS 6.0.0 (all versions) 

Migrate to a newer version 

FortiOS 6.2 

FortiOS 6.2.0 through 6.2.15 

FortiOS 6.2.16 or above 

FortiOS 6.4 

FortiOS 6.4.0 through 6.4.14 

FortiOS 6.4.15 or above 

FortiOS 7.0 

FortiOS 7.0.0 through 7.0.13 

FortiOS 7.0.14 or above 

FortiOS 7.2 

FortiOS 7.2.0 through 7.2.6 

FortiOS 7.2.7 or above 

FortiOS 7.4 

FortiOS 7.4.0 through 7.4.2 

FortiOS 7.4.3 or above 

FortiOS 7.6 

Not Affected 


Fortinet faces week of vulnerabilities

In addition to CVE-2024-21762, Fortinet has addressed three other critical vulnerabilities impacting FortiOS and FortiSIEM products. While these vulnerabilities may not be actively exploited at present, they highlight the ongoing importance of proactive vulnerability management and timely patching to safeguard against emerging threats. By maintaining a robust security posture and promptly addressing vulnerabilities, organizations can mitigate the risk of exploitation and protect their assets from cyber threats. 

The disclosure of CVE-2024-21762 and other critical vulnerabilities underscores the dynamic and evolving nature of cyber security threats. Organizations must remain vigilant, stay informed about emerging vulnerabilities, and take proactive measures to secure their systems. 

By promptly patching vulnerable systems and implementing robust security practices, organizations can mitigate the risks posed by CVE-2024-21762 and other emerging threats, thereby safeguarding their digital assets and maintaining the integrity of their IT infrastructure. 

Next steps 

Each new vulnerability is a reminder of where we stand and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors: 

  1. 2023 Vulnerability watch reports 
  2. MITRE ATTACK framework – Mapping techniques to CVEs  
  3. The true impact of exploitable vulnerabilities for 2024
  4. Multi-cloud security challenges – a best practice guide
  5. How to properly tackle zero-day threats

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy