===================================================================== 

CERT-Renater 

Information Note No. 2024/VULN084 
_____________________________________________________________________ 

DATE : 09/02/2024 

HARDWARE PLATFORM(S): / 

OPERATING SYSTEM(S): FortiOS - Out-of-bound Write in sslvpnd 

===================================================================== 
https://www.fortiguard.com/psirt/FG-IR-24-015 
_____________________________________________________________________ 


Summary : 

An out-of-bounds write vulnerability [CWE-787] in FortiOS may allow 
a remote unauthenticated attacker to execute arbitrary code or commands 
via specially crafted HTTP requests. 

Workaround : disable SSL VPN (disabling webmode is NOT a valid workaround) 

Note: This is potentially being exploited in the wild. 

Version        Affected                  Solution 
-------------  ------------------------  --------------------------- 
FortiOS 7.6    Not affected              Not applicable 
FortiOS 7.4    7.4.0 through 7.4.2       Upgrade to 7.4.3 or above 
FortiOS 7.2    7.2.0 through 7.2.6       Upgrade to 7.2.7 or above 
FortiOS 7.0    7.0.0 through 7.0.13      Upgrade to 7.0.14 or above 
FortiOS 6.4    6.4.0 through 6.4.14      Upgrade to 6.4.15 or above 
FortiOS 6.2    6.2.0 through 6.2.15      Upgrade to 6.2.16 or above 
FortiOS 6.0    6.0 all versions          Migrate to a fixed release 


Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool 
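The table above is what a defender needs to triage a fleet of FortiGate devices. The script below is an added example, not part of the CERT-Renater note or of Fortinet's advisory: it encodes the affected/fixed ranges from the table, parses the version strings FortiOS commonly reports (assumed forms such as "v7.4.2" or "7.0.12,build0523"), and flags which devices in an inventory still need the upgrade or migration. The inventory entries are constructed sample data.

```python
"""Triage helper for CVE-2024-21762 (FortiOS sslvpnd out-of-bounds write).

Added example; the affected/fixed ranges are transcribed from the advisory
table, the inventory below is constructed sample data.
"""

# Branch (major, minor) -> first fixed patch level. None means the whole
# branch is affected and must be migrated; "not_affected" is 7.6 per the table.
FIXED_IN = {
    (7, 6): "not_affected",
    (7, 4): 3,     # 7.4.0 through 7.4.2 affected, 7.4.3 or above fixed
    (7, 2): 7,     # 7.2.0 through 7.2.6 affected, 7.2.7 or above fixed
    (7, 0): 14,    # 7.0.0 through 7.0.13 affected, 7.0.14 or above fixed
    (6, 4): 15,    # 6.4.0 through 6.4.14 affected, 6.4.15 or above fixed
    (6, 2): 16,    # 6.2.0 through 6.2.15 affected, 6.2.16 or above fixed
    (6, 0): None,  # all 6.0 releases affected; migrate to a fixed release
}


def parse_version(text):
    """Turn 'v7.4.2', '7.4.2' or '7.0.12,build0523' into (major, minor, patch).

    The accepted string shapes are an assumption about how version strings
    are exported from device inventories; adjust for your own source.
    """
    core = text.strip().lstrip("vV").split(",")[0].split(" ")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def assess(version_text):
    """Classify one version against the advisory table.

    Returns (status, hint) where status is one of 'affected', 'fixed',
    'not_affected' or 'unknown_branch'.
    """
    major, minor, patch = parse_version(version_text)
    rule = FIXED_IN.get((major, minor), "unknown")
    if rule == "unknown":
        return "unknown_branch", "branch not listed in the advisory; check FG-IR-24-015"
    if rule == "not_affected":
        return "not_affected", "no action required"
    if rule is None:
        return "affected", "migrate to a fixed release"
    if patch >= rule:
        return "fixed", f"{major}.{minor}.{patch} is at or above {major}.{minor}.{rule}"
    return "affected", f"upgrade to {major}.{minor}.{rule} or above"


# Constructed sample inventory: hostname -> reported FortiOS version.
SAMPLE_INVENTORY = {
    "fw-edge-01": "v7.4.2",
    "fw-edge-02": "v7.4.3",
    "fw-branch-07": "v7.0.12,build0523",
    "fw-lab": "v7.6.0",
    "fw-legacy": "v6.0.15",
}


def triage(inventory):
    """Return {hostname: (status, hint)} for every device in the inventory."""
    return {host: assess(ver) for host, ver in inventory.items()}


def affected_hosts(inventory):
    """Hostnames that still run an affected release, sorted for reporting.

    Until these are upgraded, the advisory's only valid workaround is to
    disable SSL VPN on them; disabling webmode alone does not help.
    """
    return sorted(h for h, (status, _) in triage(inventory).items()
                  if status == "affected")


if __name__ == "__main__":
    for host, (status, hint) in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:14} {status:14} {hint}")
    print("still affected:", affected_hosts(SAMPLE_INVENTORY))
```

A device that is merely "fixed" by version still deserves a check that the upgrade actually completed; a device in an unlisted branch should be verified against the advisory URL rather than assumed safe.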


+-------------------------------------------------------------------- 

FortiOS - Out-of-bound Write in sslvpnd 

CVE-2024-21762 

SIR: High 

CVSSv3.1 Score: 9.6 

URL: https://www.fortiguard.com/psirt/FG-IR-24-015 

========================================================= 
+ CERT-RENATER | tel : 01-53-94-20-44 + 
+ 23/25 Rue Daviel | fax : 01-53-94-20-41 + 
+ 75013 Paris | email: cert@support.renater.fr + 
========================================================= 

