CVE-2024-21762: FortiOS SSL VPN Out-of-Bounds Write

Score: 9.6
CRITICAL
Published: 2024-02-08
Affected: FortiOS 7.4.0 through 7.4.2
CWE-787

Is FortiOS SSL VPN vulnerable?

CVE-2024-21762 is an out-of-bounds write vulnerability in FortiOS SSL VPN. Unauthenticated remote attackers can execute arbitrary code or commands via specially crafted HTTP requests to the SSL VPN web portal.

Impact & Exploitation

Actively exploited as a zero-day. CISA added it to the KEV catalog. Targeted by nation-state actors for initial access to government and defense networks.

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Is Your System Still Exposed to Critical CVEs?

Vulnerabilities like CVE-2024-21762 FortiOS SSL VPN Out-of-Bounds Write don't just exist in source code; they persist in compiled binaries, containers, and embedded systems. Precogs AI detects vulnerable components across your entire stack, even when source code isn't available.