TRY NOW
Vulnerability

Fortinet Fixes Possibly Exploited Critical RCE Vulnerability in FortiOS

2 min. read
09/02/2024
By Laura Libeer
Fortinet-Vulnerability-Featured

⚡ TL;DR | Go Straight to the Fortinet Vulnerability Audit Report

Fortinet is warning its users about a new critical remote code execution vulnerability in FortiOS. This vulnerability may already be under active exploitation. When successfully exploited, remote code execution can compromise the integrity of sensitive data and systems. We have added a new report to Lansweeper to help you locate vulnerable devices.

Fortinet Vulnerability CVE-2024-21762

The vulnerability tracked as CVE-2024-21762 is an out-of-bounds write vulnerability in FortiOS. The issue received a critical CVSS score of 9.6 and is potentially already be exploited in the wild. It could be exploited by an attacker to execute arbitrary code or commands via specially crafted HTTP requests. Arbitrary code execution attacks can compromise the integrity of sensitive data and systems. You can read the full details in Fortinet’s advisory.

This vulnerability was disclosed along with 3 more vulnerabilities (CVE-2024-23113: 9.8/Critical, CVE-2023-44487: Medium, and CVE-2023-47537: Medium). However, there were at the time of publication no reports of any of these issues being exploited in the wild.

Update Vulnerable Fortinet Devices

To patch this vulnerability Fortinet’s advisory recommends updating affected instances of FortiOS to the latest version as found in the table below. Make sure to update any affected devices as soon as possible.

If it is not possible for you to update right away, you can disable SSL VPN as a workaround.

VersionAffected versionSolution
FortiOS 7.6Not affectedNot Applicable
FortiOS 7.47.4.0 through 7.4.2Upgrade to 7.4.3 or above
FortiOS 7.27.2.0 through 7.2.6Upgrade to 7.2.7 or above
FortiOS 7.07.0.0 through 7.0.13Upgrade to 7.0.14 or above
FortiOS 6.46.4.0 through 6.4.14Upgrade to 6.4.15 or above
FortiOS 6.26.2.0 through 6.2.15Upgrade to 6.2.16 or above
FortiOS 6.06.0 all versionsMigrate to a fixed release

Discover Vulnerable Fortinet Devices

Our team has added a new report to Lansweeper to help you locate vulnerable Fortinet devices. This will give you an actionable list of devices that are running an affected version of FortiOS and need you to take action. You can get the report via the link below.

fortinet vulnerability report example
NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.