A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2024-21762 | Fortinet FortiOS Out-of-Bound Write Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
This vulnerability allows adversaries to execute arbitrary code via specially crafted http requests that trigger an out of bounds write. Threat actors have been observed implementing a symbolic link, left behind to maintain read-only access to impacted devices.
References
|
| CVE-2024-21762 | Fortinet FortiOS Out-of-Bound Write Vulnerability | primary_impact | T1574 | Hijack Execution Flow |
Comments
This vulnerability allows adversaries to execute arbitrary code via specially crafted http requests that trigger an out of bounds write. Threat actors have been observed implementing a symbolic link, left behind to maintain read-only access to impacted devices.
References
|
| CVE-2024-21762 | Fortinet FortiOS Out-of-Bound Write Vulnerability | secondary_impact | T1547.009 | Shortcut Modification |
Comments
This vulnerability allows adversaries to execute arbitrary code via specially crafted http requests that trigger an out of bounds write. Threat actors have been observed implementing a symbolic link, left behind to maintain read-only access to impacted devices.
References
|