Fortinet Vulnerability: CVE-2024-21762
February 9, 2024
By Lauren Farrell
On Thursday, February 8th, the Fortinet Product Security Incident Response Team released an advisory (FG-IR-24-015) disclosing an out-of-bounds write vulnerability in the FortiOS SSL VPN, tracked as CVE-2024-21762. Per the advisory, the vulnerability "may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests". This is concerning: estimates put over 490,000 Fortinet SSL VPN appliances on the internet, and these devices, by design, sit at the edge of customer networks.
Fortinet has advised that the vulnerability is being "potentially exploited in the wild" but, at this time, has not provided any further information. The advisory comes only a day after a Fortinet blog entry deep-diving into the exploitation of previously disclosed Fortinet vulnerabilities using techniques indicative of nation-state actors.
Vulnerability Workaround: Disable SSL VPN entirely. (Note: disabling web mode only is NOT a valid workaround.)
Vulnerability Remediation: Upgrade to a fixed FortiOS release for your branch, per the version table below.
If you are a current CleanINTERNET® customer, the service will continue to provide dynamic threat-intelligence-based protection against known indicators of compromise, limiting threat actors' ability to attack. Additional shielding opportunities may become available depending on observed network traffic.
If you are a current client of Fortinet, please contact support@centripetal.ai.
Centripetal is pleased to offer Penetration Testing and Vulnerability Assessment services to help organizations identify vulnerabilities and reduce risk. If interested, please contact our Professional Services team at profservs@centripetal.ai or reach out to your Centripetal Account Representative.
Version     | Affected versions        | Solution
------------|--------------------------|----------------------------
FortiOS 7.6 | Not affected             | Not applicable
FortiOS 7.4 | 7.4.0 through 7.4.2      | Upgrade to 7.4.3 or above
FortiOS 7.2 | 7.2.0 through 7.2.6      | Upgrade to 7.2.7 or above
FortiOS 7.0 | 7.0.0 through 7.0.13     | Upgrade to 7.0.14 or above
FortiOS 6.4 | 6.4.0 through 6.4.14     | Upgrade to 6.4.15 or above
FortiOS 6.2 | 6.2.0 through 6.2.15     | Upgrade to 6.2.16 or above
FortiOS 6.0 | 6.0 all versions         | Migrate to a fixed release
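The following script is an added example, not Fortinet's or Centripetal's code. It encodes the version table above so that the output of a FortiGate's `get system status` command can be triaged against the advisory, and prints the advisory's workaround (disable SSL VPN via `config vpn ssl settings`) for affected builds. It assumes the "Version:" line has the form `Version: FortiGate-60F v7.0.12,build0523,230719 (GA.F)`; the sample lines below are constructed, not captured from real appliances, so confirm the format on your own device before relying on it.

```python
"""Triage FortiOS versions against the CVE-2024-21762 (FG-IR-24-015) table.

Added example, not Fortinet's or Centripetal's code. Assumes the
``get system status`` "Version:" line looks like
``Version: FortiGate-60F v7.0.12,build0523,230719 (GA.F)``.
"""
import re

# Per FortiOS branch: last affected patch level and the fixed release,
# copied from the advisory table. A last-affected value of None means
# every build in the branch is affected and no fixed build exists in it
# (FortiOS 6.0: migrate to a fixed release).
AFFECTED_BRANCHES = {
    (7, 4): (2, "7.4.3"),
    (7, 2): (6, "7.2.7"),
    (7, 0): (13, "7.0.14"),
    (6, 4): (14, "6.4.15"),
    (6, 2): (15, "6.2.16"),
    (6, 0): (None, None),
}
NOT_AFFECTED_BRANCHES = {(7, 6)}

# Advisory workaround: turn SSL VPN off entirely. Disabling web mode
# alone is explicitly NOT a valid workaround.
WORKAROUND_CLI = "config vpn ssl settings\n    set status disable\nend"

_VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)\b")


def parse_version(status_output: str) -> tuple:
    """Extract (major, minor, patch) from ``get system status`` output."""
    match = _VERSION_RE.search(status_output)
    if match is None:
        raise ValueError("no FortiOS version string found")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def assess(version: tuple) -> dict:
    """Classify a version as affected / fixed / not_affected / unlisted."""
    major, minor, patch = version
    branch = (major, minor)
    label = f"{major}.{minor}.{patch}"
    if branch in NOT_AFFECTED_BRANCHES:
        return {"version": label, "status": "not_affected", "action": None}
    if branch not in AFFECTED_BRANCHES:
        # Not in the advisory table: treat as unknown rather than safe.
        return {"version": label, "status": "unlisted",
                "action": "Check FG-IR-24-015 for this branch"}
    last_affected, fixed = AFFECTED_BRANCHES[branch]
    if last_affected is None:
        return {"version": label, "status": "affected",
                "action": "Migrate to a fixed release; disable SSL VPN until then"}
    if patch <= last_affected:
        return {"version": label, "status": "affected",
                "action": f"Upgrade to {fixed} or above; disable SSL VPN until then"}
    return {"version": label, "status": "fixed", "action": None}


def triage(status_output: str) -> dict:
    """Parse a ``get system status`` dump and return the assessment."""
    return assess(parse_version(status_output))


# Constructed sample "Version:" lines (not captured from real appliances).
SAMPLE_STATUS = [
    "Version: FortiGate-60F v7.0.12,build0000,000000 (GA.F)",
    "Version: FortiGate-100F v7.2.7,build0000,000000 (GA.M)",
    "Version: FortiGate-40F v6.0.18,build0000,000000 (GA)",
    "Version: FortiGate-200F v7.6.0,build0000,000000 (GA.F)",
]

if __name__ == "__main__":
    for line in SAMPLE_STATUS:
        result = triage(line)
        print(f"{result['version']:<8} {result['status']:<13} {result['action'] or ''}")
        if result["status"] == "affected":
            print(WORKAROUND_CLI)
```

Feed it the saved output of `get system status` from each FortiGate in the estate; anything reported as `affected` should have SSL VPN disabled until the upgrade lands, and anything `unlisted` should be checked against the advisory directly rather than assumed safe.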