CVE-2024-21762: FortiOS SSL VPN Out-of-Bounds Write

9.6 CRITICAL
Published: 2024-02-08
Affected: FortiOS 7.4.0 through 7.4.2
CWE-787

Is FortiOS SSL VPN vulnerable?

CVE-2024-21762 is an out-of-bounds write vulnerability in FortiOS SSL VPN. Unauthenticated remote attackers can execute arbitrary code or commands via specially crafted HTTP requests to the SSL VPN web portal.
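
A version triage for the affected range given on this page, as an added example (not Precogs or Fortinet code): it parses version strings of the form printed by `get system status` and flags hosts that fall inside the range. The inventory, hostnames and build strings are constructed, and a version match does not show whether SSL VPN is enabled on the device.

```python
import re

# Affected range as stated on this page; extend the list from the vendor advisory.
AFFECTED_RANGES = [((7, 4, 0), (7, 4, 2))]

# Matches "v7.4.1,build2463,..." as well as a bare "7.4.1".
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_fortios_version(text):
    """Return (major, minor, patch) from a version string, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version_text, ranges=AFFECTED_RANGES):
    """Return 'affected', 'not-in-range' or 'unknown' for one version string."""
    version = parse_fortios_version(version_text)
    if version is None:
        return "unknown"  # never treat an unparsable version as safe
    if any(low <= version <= high for low, high in ranges):
        return "affected"
    return "not-in-range"


def triage(inventory):
    """Map hostname -> status for a {hostname: version string} inventory."""
    return {host: classify(text) for host, text in inventory.items()}


# Constructed inventory; hostnames and build strings are made up for the example.
SAMPLE_INVENTORY = {
    "fw-edge-01": "Version: FortiGate-60F v7.4.1,build2463,230830 (GA.F)",
    "fw-edge-02": "Version: FortiGate-100F v7.4.3,build2573,240201 (GA.F)",
    "fw-lab-01": "7.4.0",
    "fw-branch-07": "Version: unavailable (SNMP timeout)",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check rather than being counted as unaffected.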

Impact & Exploitation

The vulnerability was actively exploited as a zero-day, and CISA added it to its Known Exploited Vulnerabilities (KEV) catalog. Nation-state actors have targeted it for initial access to government and defense networks.

How Precogs AI Detects FortiOS SSL VPN Out-of-Bounds Write

Precogs AI Binary SAST analyzes FortiOS firmware images for out-of-bounds write conditions in SSL VPN implementations, detecting vulnerabilities before deployment.

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.