Fortinet Vulnerability: CVE-2024-21762

February 9, 2024

Author: Lauren Farrell

On Thursday, February 8th, the Fortinet Product Security Incident Response Team released an advisory (FG-IR-24-015) notifying of an out-of-bound write vulnerability in their SSL VPN, tracked as CVE-2024-21762. The vulnerability "may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests". This is concerning, as there are estimates of over 490,000 Fortinet SSL VPN appliances on the internet which, by design, sit at the edge of customer networks.

Fortinet has advised that the vulnerability is being "potentially exploited in the wild" but, at this time, has not provided any further information. This comes only a day after a Fortinet blog entry deep-diving into the exploitation of previously disclosed Fortinet vulnerabilities using techniques indicative of nation-state actors.

Vulnerability Workaround: Disable SSL VPN (Note: disabling web mode is NOT a valid workaround).

Vulnerability Remediation:
| Version     | Affected              | Solution                   |
|-------------|-----------------------|----------------------------|
| FortiOS 7.6 | Not affected          | Not applicable             |
| FortiOS 7.4 | 7.4.0 through 7.4.2   | Upgrade to 7.4.3 or above  |
| FortiOS 7.2 | 7.2.0 through 7.2.6   | Upgrade to 7.2.7 or above  |
| FortiOS 7.0 | 7.0.0 through 7.0.13  | Upgrade to 7.0.14 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.14  | Upgrade to 6.4.15 or above |
| FortiOS 6.2 | 6.2.0 through 6.2.15  | Upgrade to 6.2.16 or above |
| FortiOS 6.0 | 6.0 all versions      | Migrate to a fixed release |
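As an added example (not Fortinet's advisory text or Centripetal's code), the following Python encodes the remediation table above so a fleet of FortiOS version strings can be triaged offline against the affected ranges; the `assess` and `triage` functions and the inventory format are assumptions for illustration.

```python
# Added example: map FortiOS versions to the CVE-2024-21762 (FG-IR-24-015)
# affected ranges in the advisory table. Not vendor code.
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """Turn 'v7.0.13' or '7.0.13' into a comparable tuple (7, 0, 13)."""
    return tuple(int(p) for p in s.strip().lstrip("vV").split("."))


# (branch, first affected, last affected or None for "all versions", fixed release or None)
AFFECTED_RANGES = [
    ((7, 4), (7, 4, 0), (7, 4, 2), "7.4.3"),
    ((7, 2), (7, 2, 0), (7, 2, 6), "7.2.7"),
    ((7, 0), (7, 0, 0), (7, 0, 13), "7.0.14"),
    ((6, 4), (6, 4, 0), (6, 4, 14), "6.4.15"),
    ((6, 2), (6, 2, 0), (6, 2, 15), "6.2.16"),
    ((6, 0), (6, 0, 0), None, None),  # 6.0: every build affected, no fix in branch
]


@dataclass
class Assessment:
    version: str
    affected: bool
    action: str


def assess(version_str: str) -> Assessment:
    """Classify one FortiOS version against the advisory table."""
    v = parse_version(version_str)
    if len(v) < 3:
        raise ValueError(f"expected major.minor.patch, got {version_str!r}")
    branch = v[:2]
    for b, lo, hi, fix in AFFECTED_RANGES:
        if branch != b:
            continue
        if lo <= v and (hi is None or v <= hi):
            action = f"Upgrade to {fix} or above" if fix else "Migrate to a fixed release"
            return Assessment(version_str, True, action)
        return Assessment(version_str, False, "Not affected (patched release)")
    if branch == (7, 6):
        return Assessment(version_str, False, "Not affected")
    return Assessment(version_str, False, "Branch not listed in advisory; verify with vendor")


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, Assessment]]:
    """Constructed inventory of (hostname, version); returns only hosts needing action."""
    results = [(host, assess(ver)) for host, ver in inventory]
    return [(host, a) for host, a in results if a.affected]
```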
If you are a current Fortinet customer, CleanINTERNET® will continue to provide dynamic, threat intelligence-based protection against known indicators of compromise, limiting threat actors' ability to attack. Additional shielding opportunities may become available depending on observed network traffic.

If you are a current client of Fortinet, please contact support@centripetal.ai.

Centripetal is pleased to offer Penetration Testing and Vulnerability Assessment services to help organizations identify vulnerabilities and reduce risk. If interested, please contact our Professional Services team at profservs@centripetal.ai or reach out to your Centripetal Account Representative.
