DESCRIPTION:
An out-of-bounds write vulnerability (CVE-2024-21762, CWE-787) in FortiOS and FortiProxy may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests.
AFFECTED RELEASES:
FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17
FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2 all versions, 1.1 all versions, 1.0 all versions
SOLUTION:
1. Users and system administrators of affected products are advised to apply the security updates:
(1) Please upgrade to FortiOS version 7.4.3, 7.2.7, 7.0.14, 6.4.15, 6.2.16, 6.0.18 or above
(2) Please upgrade to FortiProxy version 7.4.3, 7.2.9, 7.0.15, 2.0.14 or above. The 1.2, 1.1 and 1.0 branches have no in-branch fix: all releases of those branches are affected, so migrate to one of the patched releases listed above.
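Added example (not part of this advisory and not Fortinet tooling): a Python script that encodes the affected ranges and fixed releases listed above and classifies a running version, given either as a bare version string or as the "Version:" line of `get system status`. The format of that status line is an assumption, and the sample lines in the script are constructed for illustration, not real device output.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected branches and the fixed release for each, transcribed from the
# AFFECTED RELEASES and SOLUTION sections of this advisory.
# Entry: ((major, minor), first_affected_patch, last_affected_patch, fix)
# last_affected_patch = None means every patch level of that branch is
# affected and there is no in-branch fix (FortiProxy 1.0, 1.1, 1.2).
FORTIPROXY_1X_FIX = "migrate to 7.4.3, 7.2.9, 7.0.15 or 2.0.14"

AFFECTED = {
    "FortiOS": [
        ((7, 4), 0, 2, "7.4.3"),
        ((7, 2), 0, 6, "7.2.7"),
        ((7, 0), 0, 13, "7.0.14"),
        ((6, 4), 0, 14, "6.4.15"),
        ((6, 2), 0, 15, "6.2.16"),
        ((6, 0), 0, 17, "6.0.18"),
    ],
    "FortiProxy": [
        ((7, 4), 0, 2, "7.4.3"),
        ((7, 2), 0, 8, "7.2.9"),
        ((7, 0), 0, 14, "7.0.15"),
        ((2, 0), 0, 13, "2.0.14"),
        ((1, 2), 0, None, FORTIPROXY_1X_FIX),
        ((1, 1), 0, None, FORTIPROXY_1X_FIX),
        ((1, 0), 0, None, FORTIPROXY_1X_FIX),
    ],
}

# First "X.Y.Z" token not glued to other digits or dots. Matches a bare
# "7.2.5" and the "v7.2.5" token of a `get system status` "Version:" line
# (assumed format: "Version: FortiGate-100F v7.0.12,build0523,230816 (GA.M)").
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_version(text: str) -> Version:
    """Extract (major, minor, patch) from a version string or status line."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no X.Y.Z version found in {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def assess(product: str, version: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, fix). fix is None when the release is not affected.

    A branch that does not appear in the advisory at all (e.g. FortiOS 7.6)
    is reported as not affected; check the vendor advisory for anything newer
    than the ranges transcribed here.
    """
    major, minor, patch = parse_version(version)
    for branch, first, last, fix in AFFECTED.get(product, []):
        if (major, minor) != branch:
            continue
        if patch >= first and (last is None or patch <= last):
            return True, fix
        return False, None  # same branch, at or above the fixed release
    return False, None  # branch not listed as affected


if __name__ == "__main__":
    # Constructed sample inputs; not output captured from real devices.
    samples = [
        ("FortiOS", "Version: FortiGate-100F v7.0.12,build0523,230816 (GA.M)"),
        ("FortiOS", "7.4.3"),
        ("FortiProxy", "1.2.13"),
    ]
    for product, text in samples:
        affected, fix = assess(product, text)
        ver = ".".join(map(str, parse_version(text)))
        verdict = f"AFFECTED, fix: {fix}" if affected else "not affected"
        print(f"{product} {ver}: {verdict}")
```

Run it against the output of `get system status` from each device in inventory; a release inside an affected range is reported with the fixed release to move to, and a FortiProxy 1.x release is reported as needing a branch migration rather than a point upgrade.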
REFERENCE:
1. https://cwe.mitre.org/data/definitions/787.html
2. https://www.fortiguard.com/psirt/FG-IR-24-015
3. https://nvd.nist.gov/vuln/detail/CVE-2024-21762