CVE-2024-21762 – This critical vulnerability allows remote attac... (How to Fix)

Q: What is the severity of CVE-2024-21762?

CVE-2024-21762 has a CVSS score of 9.8 (CRITICAL). This critical vulnerability allows remote attackers to execute arbitrary code or commands on affected Fortinet devices via specially crafted requests. An out-of-bounds write in FortiOS and FortiProxy enables unauthorized code execution. Organizations using vulnerable versions of Fortinet's firewall and proxy products are affected.

📋 TL;DR

This critical vulnerability allows remote attackers to execute arbitrary code or commands on affected Fortinet devices via specially crafted requests. An out-of-bounds write in FortiOS and FortiProxy enables unauthorized code execution. Organizations using vulnerable versions of Fortinet's firewall and proxy products are affected.

💻 Affected Systems

Products:

Fortinet FortiOS
Fortinet FortiProxy

Versions: FortiOS: 7.4.0-7.4.2, 7.2.0-7.2.6, 7.0.0-7.0.13, 6.4.0-6.4.14, 6.2.0-6.2.15, 6.0.0-6.0.17; FortiProxy: 7.4.0-7.4.2, 7.2.0-7.2.8, 7.0.0-7.0.14, 2.0.0-2.0.13, 1.2.0-1.2.13, 1.1.0-1.1.6, 1.0.0-1.0.7

Operating Systems: FortiOS (proprietary), FortiProxy (proprietary)

Default Config Vulnerable: ⚠️ Yes

Notes: All configurations of affected versions are vulnerable. No special configuration required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to gain full control of the device, pivot to internal networks, steal sensitive data, and deploy ransomware or other malware.

🟠

Likely Case

Remote code execution leading to network infiltration, data exfiltration, and establishment of persistent backdoors for further attacks.

🟢

If Mitigated

Limited impact if devices are behind additional security layers, but still significant risk due to the critical nature of the vulnerability.

🌐 Internet-Facing: HIGH - Directly exploitable from the internet without authentication, making exposed devices immediate targets.

🏢 Internal Only: HIGH - Even internally, this provides attackers with powerful lateral movement capabilities once initial access is gained.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

CISA has added this to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The vulnerability requires no authentication and has low attack complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiOS: 7.4.3, 7.2.7, 7.0.14, 6.4.15, 6.2.16, 6.0.18; FortiProxy: 7.4.3, 7.2.9, 7.0.15, 2.0.14, 1.2.14, 1.1.7, 1.0.8

Vendor Advisory: https://fortiguard.com/psirt/FG-IR-24-015

Restart Required: Yes

Instructions:

1. Download the appropriate firmware version from Fortinet support portal. 2. Backup current configuration. 3. Upload firmware via web GUI or CLI. 4. Install firmware update. 5. Reboot device. 6. Verify successful update and restore functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate vulnerable devices from critical networks and internet exposure

Access Control Lists

all

Implement strict network ACLs to limit access to management interfaces

🧯 If You Can't Patch

Immediately isolate vulnerable devices from internet exposure
Implement strict network segmentation and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check FortiOS/FortiProxy version via web GUI (System > Dashboard) or CLI command 'get system status'

Check Version:

get system status | grep Version

Verify Fix Applied:

Verify version is updated to patched version via 'get system status' or web GUI dashboard

📡 Detection & Monitoring

Log Indicators:

Unusual process execution
Unexpected configuration changes
Failed authentication attempts followed by successful access
Suspicious network traffic patterns

Network Indicators:

Anomalous outbound connections from Fortinet devices
Unexpected traffic to/from management interfaces
Port scanning originating from Fortinet devices

SIEM Query:

source="fortigate" AND (event_type="traffic" OR event_type="system") AND (msg="*exec*" OR msg="*command*" OR msg="*unauthorized*" OR msg="*out-of-bounds*")

📊 Metadata

CVE ID: CVE-2024-21762

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: February 9, 2024

Last Updated: October 24, 2025

🔗 References

https://fortiguard.com/psirt/FG-IR-24-015 Vendor Advisory
https://fortiguard.com/psirt/FG-IR-24-015 Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21762 US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-21762, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fortios by Fortinet

Fortios by Fortinet

Fortios by Fortinet

Fortios by Fortinet

Fortios by Fortinet

Fortios by Fortinet

Fortiproxy by Fortinet

Fortiproxy by Fortinet

Fortiproxy by Fortinet

Fortiproxy by Fortinet

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Access Control Lists

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities