Skip to main content

Fortinet Products Multiple Vulnerabilities

Last Update Date: 10 Oct 2024 Release Date: 9 Feb 2024 12199 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, sensitive information disclosure and cross-site scripting on the targeted system.

 

[Updated on 2024-02-19] 

For CVE-2024-21762, a out-of-bounds write vulnerability in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests.

Note: This is potentially being exploited in the wild. Hence, the risk level is rated from Medium Risk to Extremely High Risk.

 

[Updated on 2024-10-10] 

Note: CVE-2024-23113 is potentially being exploited in the wild

For CVE-2024-23113, a use of externally-controlled format string vulnerability in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

Updated System / Technologies affected, Solutions and Related Links.


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure
  • Cross-Site Scripting

System / Technologies affected

For CVE-2024-21762

  • FortiOS 7.4 version 7.4.0 through 7.4.2
  • FortiOS 7.2 version 7.2.0 through 7.2.6
  • FortiOS 7.0 version 7.0.0 through 7.0.13
  • FortiOS 6.4 version 6.4.0 through 6.4.14
  • FortiOS 6.2 version 6.2.0 through 6.2.15
  • FortiOS 6.0 version all versions
  • FortiProxy 7.4 version 7.4.0 through 7.4.2
  • FortiProxy 7.2 version 7.2.0 through 7.2.8
  • FortiProxy 7.0 version 7.0.0 through 7.0.14
  • FortiProxy 2.0 version 2.0.0 through 2.0.13
  • FortiProxy 1.2 all versions
  • FortiProxy 1.1 all versions
  • FortiProxy 1.0 all versions

For CVE-2024-23113

  • FortiOS 7.4 version 7.4.0 through 7.4.2
  • FortiOS 7.2 version 7.2.0 through 7.2.6
  • FortiOS 7.0 version 7.0.0 through 7.0.13
  • FortiPAM 1.2 all versions
  • FortiPAM 1.1 all versions
  • FortiPAM 1.0 all versions
  • FortiProxy 7.4 version 7.4.0 through 7.4.2
  • FortiProxy 7.2 version 7.2.0 through 7.2.8
  • FortiProxy 7.0 version 7.0.0 through 7.0.15
  • FortiWeb 7.4 version 7.4.0 through 7.4.2

For Others CVE

  • FortiNAC version 7.2.0 through 7.2.2
  • FortiNAC 8.3 all versions
  • FortiNAC 8.5 all versions
  • FortiNAC 8.6 all versions
  • FortiNAC 8.7 all versions
  • FortiNAC 8.8 all versions
  • FortiNAC 9.1 all versions
  • FortiNAC 9.2 all versions
  • FortiNAC version 9.4.0 through 9.4.3
  • FortiOS 6.4 all versions
  • FortiOS version 7.0.0 through 7.0.15
  • FortiOS version 7.2.0 through 7.2.7
  • FortiOS version 7.4.0 through 7.4.1
  • FortiProxy 7.0 all versions
  • FortiProxy version 7.2.0 through 7.2.7
  • FortiProxy version 7.4.0 through 7.4.1
  • FortiClientEMS 7.2 version 7.2.0 through 7.2.2 
  • FortiClientEMS 7.0 version 7.0.6 through 7.0.10 
  • FortiClientEMS 7.0 version 7.0.0 through 7.0.4 
  • FortiClientEMS 6.4 all versions 
  • FortiClientEMS 6.2 all versions 

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

For CVE-2024-21762

For CVE-2024-23113

For Others CVE


Vulnerability Identifier


Source


Related Link