⚡ TL;DR | Go Straight to the Fortinet Vulnerability Audit Report
Fortinet is warning its users about a new critical remote code execution vulnerability in FortiOS. This vulnerability may already be under active exploitation. When successfully exploited, remote code execution can compromise the integrity of sensitive data and systems. We have added a new report to Lansweeper to help you locate vulnerable devices.
Fortinet Vulnerability CVE-2024-21762
The vulnerability tracked as CVE-2024-21762 is an out-of-bounds write vulnerability in FortiOS. The issue received a critical CVSS score of 9.6 and is potentially already be exploited in the wild. It could be exploited by an attacker to execute arbitrary code or commands via specially crafted HTTP requests. Arbitrary code execution attacks can compromise the integrity of sensitive data and systems. You can read the full details in Fortinet’s advisory.
This vulnerability was disclosed along with 3 more vulnerabilities (CVE-2024-23113: 9.8/Critical, CVE-2023-44487: Medium, and CVE-2023-47537: Medium). However, there were at the time of publication no reports of any of these issues being exploited in the wild.
Update Vulnerable Fortinet Devices
To patch this vulnerability Fortinet’s advisory recommends updating affected instances of FortiOS to the latest version as found in the table below. Make sure to update any affected devices as soon as possible.
If it is not possible for you to update right away, you can disable SSL VPN as a workaround.
| Version | Affected version | Solution |
| FortiOS 7.6 | Not affected | Not Applicable |
| FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
| FortiOS 6.4 | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiOS 6.2 | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above |
| FortiOS 6.0 | 6.0 all versions | Migrate to a fixed release |
Discover Vulnerable Fortinet Devices
Our team has added a new report to Lansweeper to help you locate vulnerable Fortinet devices. This will give you an actionable list of devices that are running an affected version of FortiOS and need you to take action. You can get the report via the link below.
