Two vulnerabilities (CVE-2024-21762/CVE-2024-23113) in FortiOS can potentially lead to arbitrary code execution. Updates are available to remediate these vulnerabilities in affected FortiOS products. Previous workarounds such as disabling the web mode do not work with CVE-2024-21762.
These affect multiple versions of Fortinet products, including:
- FortiOS versions before 7.6
- Part of FortiOS version 7.4 and up to/including 7.4.2
- FortiProxy 1.0-7.4.2
See the resource center.
Severity
Fortinet is the reporting CVE Numbering Authority (CNA) and has scored v3.1 as CVSS 9.8 (Critical). We are awaiting NVDs assessment of the vulnerability. Learn more about severity.
Status
| Resource | Status |
|---|---|
| Bitsight | Researching detection methods. |
| Fortinet | Upgrade recommended. |
| National Vulnerability Database | Under analysis. |
Feedback
0 comments
Please sign in to leave a comment.