{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-21762", "ASSIGNER": "psirt@fortinet.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Execute unauthorized code or commands", "cweId": "CWE-787" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Fortinet", "product": { "product_data": [ { "product_name": "FortiProxy", "version": { "version_data": [ { "version_affected": "<=", "version_name": "7.4.0", "version_value": "7.4.2" }, { "version_affected": "<=", "version_name": "7.2.0", "version_value": "7.2.8" }, { "version_affected": "<=", "version_name": "7.0.0", "version_value": "7.0.14" }, { "version_affected": "<=", "version_name": "2.0.0", "version_value": "2.0.13" }, { "version_affected": "<=", "version_name": "1.2.0", "version_value": "1.2.13" }, { "version_affected": "<=", "version_name": "1.1.0", "version_value": "1.1.6" }, { "version_affected": "<=", "version_name": "1.0.0", "version_value": "1.0.7" } ] } }, { "product_name": "FortiOS", "version": { "version_data": [ { "version_affected": "<=", "version_name": "7.4.0", "version_value": "7.4.2" }, { "version_affected": "<=", "version_name": "7.2.0", "version_value": "7.2.6" }, { "version_affected": "<=", "version_name": "7.0.0", "version_value": "7.0.13" }, { "version_affected": "<=", "version_name": "6.4.0", "version_value": "6.4.14" }, { "version_affected": "<=", "version_name": "6.2.0", "version_value": "6.2.15" }, { "version_affected": "<=", "version_name": "6.0.0", "version_value": "6.0.17" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://fortiguard.com/psirt/FG-IR-24-015", "refsource": "MISC", "name": "https://fortiguard.com/psirt/FG-IR-24-015" } ] }, "solution": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.15 or above \nPlease upgrade to FortiProxy version 2.0.14 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.3 or above \nPlease upgrade to FortiOS version 7.2.7 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiOS version 6.4.15 or above \nPlease upgrade to FortiOS version 6.2.16 or above \n" } ], "impact": { "cvss": [ { "version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C" } ] } }