Advisory

March 14, 2024: Fortinet FortiOS & FortiProxy CVE-2024-21762

Summary

Censys is aware that on February 9, 2024, a critical out-of-bounds write vulnerability (CVE-2024-21762) affecting a series of Fortinet FortiOS versions (listed below) was published.

Impact
This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests (NVD). Successful exploitation could give the attacker control over part or all of the affected asset.

Affected Assets
According to Fortinet, this issue affects:
FortiOS 7.4 – 7.4.0 through 7.4.2
FortiOS 7.2 – 7.2.0 through 7.2.6
FortiOS 7.0 – 7.0.0 through 7.0.13
FortiOS 6.4 – 6.4.0 through 6.4.14
FortiOS 6.2 – 6.2.0 through 6.2.15
FortiOS 6.0 – 6.0.0 through 6.0.17

FortiProxy 7.4 – 7.4.0 through 7.4.2
FortiProxy 7.2 – 7.2.0 through 7.2.8
FortiProxy 7.0 – 7.0.0 through 7.0.14
FortiProxy 2.0 – 2.0.0 through 2.0.13
FortiProxy 1.2 – 1.2 all versions
FortiProxy 1.1 – 1.1 all versions
FortiProxy 1.0 – 1.0 all versions

Censys’ Rapid Response Team was able to positively identify the following affected FortiOS versions:
7.2.3
7.2.1
7.4.0
7.2.2
Below are queries that accurately uncover the affected FortiOS versions listed above that are publicly facing and were recently observed in our scans. For affected FortiOS versions that Censys could not positively identify because of how the product behaves, we also include more general queries that customers can use to find all other FortiOS assets and investigate them further, if they so choose.

Additionally, FortiProxy versions are also affected by this vulnerability, but because of how the product behaves, Censys was unable to obtain enough information from these devices to accurately identify them in the wild. General queries for FortiProxy are included below as well.

Censys Risk Name
The following risk presents the affected FortiOS versions listed above that Censys can accurately identify:
Vulnerable Fortinet FortiOS [CVE-2024-21762]
Due to FortiProxy’s inability to present accurate version information, Censys did not create a risk for this product.

Censys ASM Query
The following query will present both the affected FortiOS versions that Censys can accurately detect and any FortiOS assets in your workspaces. To narrow it, remove the FortiOS product clause to see only the Censys-identified vulnerable versions carrying the risk, or remove the risk clause to see all FortiOS assets.
host.services.software.product: FortiOS or risks.type = 'Vulnerable Fortinet FortiOS [CVE-2024-21762]'

The following query will present any FortiProxy assets in your workspaces:
host.services.software: (vendor: Fortinet and product: FortiProxy) or (web_entity.instances.software.vendor: Fortinet and web_entity.instances.software.product: FortiProxy)

Censys Search Queries are shared directly with Censys customers. If you would like to obtain the Censys query to identify global instances related to this issue, or need help, please contact us.

Fortinet’s remediation guidance states that owners of affected assets should upgrade to the versions listed below:
FortiOS 7.4 – 7.4.0 through 7.4.2 – Upgrade to 7.4.3 or above
FortiOS 7.2 – 7.2.0 through 7.2.6 – Upgrade to 7.2.7 or above
FortiOS 7.0 – 7.0.0 through 7.0.13 – Upgrade to 7.0.14 or above
FortiOS 6.4 – 6.4.0 through 6.4.14 – Upgrade to 6.4.15 or above
FortiOS 6.2 – 6.2.0 through 6.2.15 – Upgrade to 6.2.16 or above
FortiOS 6.0 – 6.0.0 through 6.0.17 – Upgrade to 6.0.18 or above

FortiProxy 7.4 – 7.4.0 through 7.4.2 – Upgrade to 7.4.3 or above
FortiProxy 7.2 – 7.2.0 through 7.2.8 – Upgrade to 7.2.9 or above
FortiProxy 7.0 – 7.0.0 through 7.0.14 – Upgrade to 7.0.15 or above
FortiProxy 2.0 – 2.0.0 through 2.0.13 – Upgrade to 2.0.14 or above
FortiProxy 1.2 – 1.2 all versions – Migrate to a fixed release
FortiProxy 1.1 – 1.1 all versions – Migrate to a fixed release
FortiProxy 1.0 – 1.0 all versions – Migrate to a fixed release
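As an added example (not Censys or Fortinet code), the following Python helper encodes the affected ranges and fixed releases from the lists above and classifies product/version pairs, such as those returned by the ASM queries. The host rows are constructed sample data; the "v7.0.13" row shows how an unparseable version string is reported instead of being silently dropped.

```python
# CVE-2024-21762 triage: affected ranges and fixed releases taken from the advisory above.
# Added example, not Censys/Fortinet code. fixed=None means "Migrate to a fixed release".
ADVISORY = {
    ("FortiOS", "7.4"): ("7.4.0", "7.4.2", "7.4.3"),
    ("FortiOS", "7.2"): ("7.2.0", "7.2.6", "7.2.7"),
    ("FortiOS", "7.0"): ("7.0.0", "7.0.13", "7.0.14"),
    ("FortiOS", "6.4"): ("6.4.0", "6.4.14", "6.4.15"),
    ("FortiOS", "6.2"): ("6.2.0", "6.2.15", "6.2.16"),
    ("FortiOS", "6.0"): ("6.0.0", "6.0.17", "6.0.18"),
    ("FortiProxy", "7.4"): ("7.4.0", "7.4.2", "7.4.3"),
    ("FortiProxy", "7.2"): ("7.2.0", "7.2.8", "7.2.9"),
    ("FortiProxy", "7.0"): ("7.0.0", "7.0.14", "7.0.15"),
    ("FortiProxy", "2.0"): ("2.0.0", "2.0.13", "2.0.14"),
    ("FortiProxy", "1.2"): ("1.2", "1.2", None),
    ("FortiProxy", "1.1"): ("1.1", "1.1", None),
    ("FortiProxy", "1.0"): ("1.0", "1.0", None),
}

def parse_version(text: str) -> tuple[int, ...]:
    """'7.0.13' -> (7, 0, 13); tuples compare component-wise, unlike the raw string."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def assess(product: str, version: str) -> str:
    """Remediation status of one product/version pair according to the advisory."""
    v = parse_version(version)
    entry = ADVISORY.get((product, ".".join(map(str, v[:2]))))
    if entry is None:
        return "not listed"  # branch not covered by the advisory
    first, last, fixed = entry
    if fixed is None:
        return "vulnerable: migrate to a fixed release"
    if parse_version(first) <= v <= parse_version(last):
        return f"vulnerable: upgrade to {fixed} or above"
    return "fixed" if v >= parse_version(fixed) else "not listed"

def triage(observations):
    """Map (host, product, version) rows to a status; unparseable rows are kept."""
    out = {}
    for host, product, version in observations:
        try:
            out[host] = assess(product, version)
        except ValueError:
            out[host] = "unknown: version not parseable"
    return out

SAMPLE = [("192.0.2.10", "FortiOS", "7.2.3"), ("192.0.2.11", "FortiOS", "7.4.3"),  # constructed
          ("192.0.2.12", "FortiProxy", "1.2.13"), ("192.0.2.13", "FortiOS", "v7.0.13")]
```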
