CVE-2024-21762

Опубликовано: 09 фев. 2024

Источник: nvd

CVSS3: 9.8

EPSS Критический

Описание

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests

Ссылки

https://fortiguard.com/psirt/FG-IR-24-015
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-24-015
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21762
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Версия от 1.0.0 (включая) до 2.0.14 (исключая)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Версия от 7.0.0 (включая) до 7.0.15 (исключая)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Версия от 7.2.0 (включая) до 7.2.9 (исключая)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Версия от 7.4.0 (включая) до 7.4.3 (исключая)