Vulnerability DatabaseCVE-2024-21762

CVE-2024-21762:
FortiOS vulnerability analysis and mitigation

Summary

CVE-2024-21762 and CVE-2024-23113 are critical vulnerabilities in Fortinet's FortiOS which received the CVSS score of 9.6 and 9.8 respectively. Both vulnerabilities could allow a remote unauthenticated attacker to execute arbitrary code or commands, and CVE-2024-21762 is reportedly being exploited in the wild. It is recommended to upgrade FortiOS instances to patched versions as soon as possible.

Technical details

The vulnerability identified as CVE-2024-21762, rated with a CVSS score of 9.6, stems from improper parameter validation within FortiOS SSL-VPN. It can be exploited by a remote, unauthenticated attacker through specially designed HTTP requests, leading to a scenario where fewer bytes than intended are copied beyond the buffer's limits. This results in memory corruption and the redirection of process flow, potentially allowing the execution of arbitrary code or commands. According to Fortinet, this vulnerability is "potentially being exploited in the wild".

Similarly, CVE-2024-23113, carrying a CVSS score of 9.8, is attributed to a format string vulnerability found in the FortiOS fgfmd daemon. This flaw could enable a remote attacker, without any authentication, to execute arbitrary code or commands by sending specifically tailored requests.

Affected products

The following versions are affected:

CVE-2024-23113

Product	Affected version	Remediation
FortiOS 7.4	7.4.0 through 7.4.2	Upgrade to 7.4.3 or above
FortiOS 7.2	7.2.0 through 7.2.6	Upgrade to 7.2.7 or above
FortiOS 7.0	7.0.0 through 7.0.13	Upgrade to 7.0.14 or above
FortiPAM 1.2	1.2.0	Upgrade to 1.2.1 or above
FortiPAM 1.1	1.1.0 through 1.1.2	Upgrade to 1.1.3 or above
FortiPAM 1.0	1.0 all versions	Migrate to a fixed release
FortiProxy 7.4	7.4.0 through 7.4.2	Upgrade to 7.4.3 or above
FortiProxy 7.2	7.2.0 through 7.2.8	Upgrade to 7.2.9 or above
FortiProxy 7.0	7.0.0 through 7.0.14	Upgrade to 7.0.16 or above

CVE-2024-21762

Column A	Affected version	Remediation
FortiOS 7.4	7.4.0 through 7.4.2	Upgrade to 7.4.3 or above
FortiOS 7.2	7.2.0 through 7.2.6	Upgrade to 7.2.7 or above
FortiOS 7.0	7.0.0 through 7.0.13	Upgrade to 7.0.14 or above
FortiOS 6.4	6.4.0 through 6.4.14	Upgrade to 6.4.15 or above
FortiOS 6.2	6.2.0 through 6.2.15	Upgrade to 6.2.16 or above
FortiOS 6.0	6.0 all versions	Migrate to a fixed release
FortiProxy 7.4	7.4.0 through 7.4.2	Upgrade to 7.4.3 or above
FortiProxy 7.2	7.2.0 through 7.2.8	Upgrade to 7.2.9 or above
FortiProxy 7.0	7.0.0 through 7.0.14	Upgrade to 7.0.15 or above
FortiProxy 2.0	2.0.0 through 2.0.13	Upgrade to 2.0.14 or above
FortiProxy 1.2	1.2 all versions	Migrate to a fixed release
FortiProxy 1.1	1.1 all versions	Migrate to a fixed release
FortiProxy 1.0	1.0 all versions	Migrate to a fixed release

Workarounds and mitigations

CVE-2024-21762

If you are unable to patch affected instances, it is possible to mitigate CVE-2024-21762 by disabling SSL VPN as a workaround.

CVE-2024-23113

If you are unable to patch affected instances, it is possible to mitigate CVE-2024-23113 by removing FGFM access for each interface, as described in Fortinet's advisory (this will prevent FortiGate discovery from FortiManager, but connections from the FortiGate will still work).