← Voltar para CVEs
CVE-2024-21762
CRITICALCISA KEV9.8
Descricao
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/9/2024
Ultima modificacao10/24/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorFortinet
ProdutoFortiOS
Nome da vulnerabilidadeFortinet FortiOS Out-of-Bound Write Vulnerability
Data inclusao KEV2024-02-09
Prazo de remediacao2024-02-16
Uso em ransomwareKnown
Produtos afetados
fortinet:fortiosfortinet:fortiproxy
Fraquezas (CWE)
CWE-787
Referencias
https://fortiguard.com/psirt/FG-IR-24-015(psirt@fortinet.com)
https://fortiguard.com/psirt/FG-IR-24-015(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21762(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.