A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests
The error consists of writing data outside the boundaries of an allocated buffer (CWE-787 — out-of-bounds write) in components handling network requests. An attacker sends specially crafted requests to the vulnerable device, leading to memory corruption and hijacking of code execution flow. The attack vector is network-based, requires no privileges or user interaction, making the vulnerability exceptionally easy to exploit.
An attacker can execute arbitrary code or system commands on the vulnerable device from the network, gaining full control over the firewall or proxy, including access to configurations, network data, and infrastructure behind the device.
Patches available from the vendor must be applied immediately in accordance with the official Fortinet security bulletin (FG-IR-24-015) available at https://fortiguard.com/psirt/FG-IR-24-015. Devices with management interface exposed to the Internet should be updated with priority or temporarily isolated from external networks.
Fortinet FortiOS: 7.4.0–7.4.2, 7.2.0–7.2.6, 7.0.0–7.0.13, 6.4.0–6.4.14, 6.2.0–6.2.15, 6.0.0–6.0.17. Fortinet FortiProxy: 7.4.0–7.4.2, 7.2.0–7.2.8, 7.0.0–7.0.14, 2.0.0–2.0.13, 1.2.0–1.2.13, 1.1.0–1.1.6, 1.0.0–1.0.7.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFortinet FortiOS
OSFortinet7.4.0 – 7.4.3 (bez)6.2.0 – 6.2.16 (bez)6.4.0 – 6.4.15 (bez)7.0.0 – 7.0.14 (bez)7.2.0 – 7.2.7 (bez)6.0.0 – 6.0.18 (bez)Fortinet Fortiproxy
APPFortinet7.0.0 – 7.0.15 (bez)7.2.0 – 7.2.9 (bez)7.4.0 – 7.4.3 (bez)1.0.0 – 2.0.14 (bez)
CISA KEV — detailsi
- Vendori
- Fortinet ↗
- Producti
- FortiOS
- Added to KEVi
- February 9, 2024
- Remediation deadline (US Federal)i
- February 16, 2024(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.
Related vulnerabilities
Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach
Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML
Authentication Bypass w FortiOS i FortiProxy — przejęcie uprawnień super-admin
Krytyczna podatność format string RCE w Fortinet FortiOS, FortiProxy i FortiSwitchManager
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and be...