Fortinet FortiOS and FortiProxy Remote Code Execution

XMLWordPrintable

    • Type: Incident report
    • Resolution: Won't fix
    • Priority: Trivial
    • None
    • Affects Version/s: None
    • Component/s: None
    • None

      We got an error from the tenet vulscanner

      Vulnerability References:

      Fortinet FortiOS and FortiProxy Remote Code Execution (CVE-2024-21762) (Nessus Plugin ID 236788)

      Port: 443/tcp
      Severity: High
      Summary: The remote web server is affected by a remote code execution vulnerability.
      Details: The instance of Fortinet FortiOS or Fortinet FortiProxy running on the remote host is affected by a remote code execution vulnerability: - A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests. (CVE-2024-21762)
      Fix: Upgrade to a patched version according to the vendor advisory.

      {}See also: https://www.fortiguard.com/psirt/FG-IR-24-015
      Associated CVE: CVE-2024-21762

            Assignee:
            Zabbix Support Team
            Reporter:
            Dirk Gendritzki
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: