CVE-2024-21762

CVE Database · CVE-2024-21762

CVE-2024-21762

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

80.84%

Published

Feb 9, 2024

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2024-02-09 · Due: 2024-02-16

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (9)

All weaponized →

TrickestTrickest PoC index GitHub PoCh4x0r-dz/CVE-2024-21762★150 GitHub PoCBishopFox/cve-2024-21762-check★107 GitHub PoCr4p3c4/CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check★16 GitHub PoCd0rb/CVE-2024-21762★12 GitHub PoCabrewer251/CVE-2024-21762_FortiNet_PoC★2 GitHub PoCrdoix/cve-2024-21762-checker★1 GitHub PoCdeFr0ggy/CVE-2024-21762-Checker★0 GitHub PoC0x13-ByteZer0/CVE-2024-21762★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787

Affected Products (10)

fortinet · fortiproxy (up to 2.0.14)vulnerable

fortinet · fortiproxy (up to 7.0.15)vulnerable

fortinet · fortiproxy (up to 7.2.9)vulnerable

fortinet · fortiproxy (up to 7.4.3)vulnerable

fortinet · fortios (up to 6.0.18)vulnerable

fortinet · fortios (up to 6.2.16)vulnerable

fortinet · fortios (up to 6.4.15)vulnerable