-
Type:
Incident report
-
Resolution: Won't fix
-
Priority:
Trivial
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
We got an error from the tenet vulscanner
Vulnerability References:
Fortinet FortiOS and FortiProxy Remote Code Execution (CVE-2024-21762) (Nessus Plugin ID 236788)
Port: 443/tcp
Severity: High
Summary: The remote web server is affected by a remote code execution vulnerability.
Details: The instance of Fortinet FortiOS or Fortinet FortiProxy running on the remote host is affected by a remote code execution vulnerability: - A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests. (CVE-2024-21762)
Fix: Upgrade to a patched version according to the vendor advisory.
{}See also: https://www.fortiguard.com/psirt/FG-IR-24-015
Associated CVE: CVE-2024-21762