Risk:	high
Damage:	high
Platform(s):	Fortinet OS Fortinet Products
Advisory ID:	ngCERT-2024-0023
Version:	N/A
CVE:	CVE-2024-21762
Published:	July 11, 2024

Summary

---

ngCERT is aware of a critical security flaw in several versions of Fortinet Operating System (FortiOS). The vulnerability dubbed (CVE-2024-21762) with a CVSS score of 9.6, is an out-of-bounds write vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or command on Fortinet SSL VPNs via specially crafted HTTP requests. It is pertinent to note that other recent Fortinet SSL VPN vulnerabilities identified as (CVE-2022-42475, CVE-2022-41328, and CVE-2023-27997) have been exploited by cybercriminals as both zero-day and n-day following public disclosure. Consequently, ngCERT advises individuals and organizations to take immediate steps to protect their systems from exploitation by threat actors.

Description & Consequence

---

CVE-2024-21762 is an out-of-bounds write vulnerability discovered in Fortinet’s FortiOS/FortiProxy. The flaw resides in the SSL VPN functionality, allowing remote attackers to execute arbitrary code without authentication. Threat actors exploit this flaw by initially sending crafted HTTP requests to vulnerable devices to trigger a buffer overflow condition, potentially leading to remote code execution. The attacker can further carry out other malicious activities. FortiOS versions vulnerable to CVE-2024-21762 include  FortiOS 7.4.0 through 7.4.2, down to all versions of FortiOS 6.0, while FortiProxy 7.4.0 through 7.4.2, down to all versions of FortiProxy 1.0 are affected.

Successful exploitation of the vulnerabilities could lead to:

a.     Theft of sensitive data.

b.     Privilege escalation.

c.     Compromising the internal network.

d.     Setting up a backdoor.

e.     Denial of service (DoS).

f.     Ransomware attacks.

Solution

---

The following are recommended:

a.     Disable the SSL VPN functionality until the vulnerability is patched.

b.     Upgrade FortiOS and FortiProxy to the latest versions provided by Fortinet, following the upgrade path tool via the link https://docs.fortinet.com/upgrade-tool.

c.     Implement network segmentation, access controls, and intrusion detection systems to limit the exposure and impact of potential attacks.

d.     Conduct regular security audits and system updates to ensure compliance and security.

Reference

---

• https://fortiguard.fortinet.com/psirt/FG-IR-24-015
• https://www.cyfirma.com/research/fortios-fortiproxy-cve-2024-21762-vulnerability-analysis-and-exploitation/#:~:text=This%20flaw%20resides%20in%20the,leading%20to%20remote%20code%20execution
• https://www.rapid7.com/blog/post/2024/02/12/etr-critical-fortinet-fortios-cve-2024-21762-exploited/
• https://www.vaadata.com/blog/rce-remote-code-execution-exploitations-and-security-tips/

Revision

---