Fortinet Out-Of-Bound Memory Write RCE (CVE-2024-21762)
Description
A critical out-of-bounds write vulnerability exists in the SSL VPN component of Fortinet FortiOS and FortiProxy appliances. An unauthenticated remote attacker can trigger the memory corruption by sending specially crafted HTTP requests to a vulnerable system. Successful exploitation enables arbitrary code execution with system-level privileges, potentially leading to complete device compromise.
Remediation
Apply security patches immediately by upgrading to the latest patched versions of FortiOS or FortiProxy as specified in Fortinet's security advisory FG-IR-24-015. Specifically:
1. Review the advisory at https://fortiguard.com/psirt/FG-IR-24-015 to determine whether your version is affected
2. Upgrade FortiOS to version 7.4.3 or later, 7.2.7 or later, 7.0.14 or later, or 6.4.15 or later depending on your branch
3. Upgrade FortiProxy to version 7.4.2 or later, 7.2.9 or later, or 7.0.15 or later depending on your branch
4. As an interim mitigation if immediate patching is not possible, disable SSL VPN functionality or restrict access to the SSL VPN portal using firewall rules to trusted IP addresses only
5. Monitor logs for suspicious SSL VPN connection attempts and unusual HTTP requests
6. After patching, review system logs and configurations for signs of compromise
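To support steps 2 and 3 across a fleet, the following added example (not code from Fortinet or the advisory) compares an inventory of FortiOS/FortiProxy version strings against the fixed releases listed above, branch by branch. The product names, the version-string format and the sample inventory are assumptions; any branch the list above does not name is reported as "unknown" so it is checked against FG-IR-24-015 rather than assumed safe.

```python
# Added example (not Fortinet's code): decide whether a FortiOS or FortiProxy
# build is at or above the first fixed release named in the remediation steps.
import re

# Minimum fixed release per branch, taken from steps 2 and 3 above.
FIXED_VERSIONS = {
    "FortiOS": {(7, 4): (7, 4, 3), (7, 2): (7, 2, 7),
                (7, 0): (7, 0, 14), (6, 4): (6, 4, 15)},
    "FortiProxy": {(7, 4): (7, 4, 2), (7, 2): (7, 2, 9), (7, 0): (7, 0, 15)},
}

# Assumed version-string format, e.g. "v7.0.13 build0566" or "7.2.6".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a version string; trailing build info is ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(product, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for a product/version pair.

    'unknown' means the branch is not in the table above; consult FG-IR-24-015
    for it instead of assuming it is safe.
    """
    table = FIXED_VERSIONS.get(product)
    if table is None:
        raise ValueError(f"unsupported product: {product!r}")
    version = parse_version(version_text)
    fixed = table.get(version[:2])  # look up by (major, minor) branch
    if fixed is None:
        return "unknown"
    return "patched" if version >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory; a real list would come from your asset database.
    inventory = [("FortiOS", "v7.0.13 build0566"), ("FortiOS", "7.2.7"),
                 ("FortiProxy", "7.4.1"), ("FortiOS", "7.6.0")]
    for product, ver in inventory:
        print(f"{product:10s} {ver:20s} -> {assess(product, ver)}")
```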