VULNERABILITY

FortiOS – Critical Vulnerability on Out-of-bound Write in sslvpnd [CVE-2024-21762]

An out-of-bounds write vulnerability [CWE-787] in FortiOS. This may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests. 

Resource link: https://www.fortiguard.com/psirt/FG-IR-24-015?s=09

Workaround: disable SSL VPN (disabling webmode is NOT a valid workaround)

Note: This is potentially being exploited in the wild.

Please review the scope of work below prior to authorizing NCI to remediate.

Scope of work:

Download and install the latest cumulative updates for your current affected version of FortiOS / FortiProxy for up to 4 devices. A restart will be required in order to complete the remediation (estimated 1 hour of downtime).

Affected versions and solutions (the rows from "FortiOS 2.0" downward are FortiProxy releases, as in the Fortinet advisory linked above):

Version            Affected                   Solution
FortiOS 7.6        Not affected               Not applicable
FortiOS 7.4        7.4.0 through 7.4.2        Upgrade to 7.4.3 or above
FortiOS 7.2        7.2.0 through 7.2.6        Upgrade to 7.2.7 or above
FortiOS 7.0        7.0.0 through 7.0.13       Upgrade to 7.0.14 or above
FortiOS 6.4        6.4.0 through 6.4.14       Upgrade to 6.4.15 or above
FortiOS 6.2        6.2.0 through 6.2.15       Upgrade to 6.2.16 or above
FortiOS 6.0        6.0 all versions           Migrate to a fixed release
FortiProxy 7.4     7.4.0 through 7.4.2        Upgrade to 7.4.3 or above
FortiProxy 7.2     7.2.0 through 7.2.8        Upgrade to 7.2.9 or above
FortiProxy 7.0     7.0.0 through 7.0.14       Upgrade to 7.0.15 or above
FortiProxy 2.0     2.0.0 through 2.0.13       Upgrade to 2.0.14 or above
FortiProxy 1.2     1.2 all versions           Migrate to a fixed release
FortiProxy 1.1     1.1 all versions           Migrate to a fixed release
FortiProxy 1.0     1.0 all versions           Migrate to a fixed release
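The table above is what an administrator has to check each device against before approving the work. As an added example (not part of this notice and not a Fortinet or NCI tool), the Python below encodes the advisory table and decides, for a given product and firmware string, whether the device is affected and which fix applies. The hostnames and firmware strings in INVENTORY are constructed sample data; note that FortiOS 7.0.14 is a fixed release while FortiProxy 7.0.14 is still affected, so the product must be matched, not just the version number.

```python
"""Check FortiOS / FortiProxy firmware versions against the CVE-2024-21762 table."""
from typing import Dict, Iterable, List, Optional, Tuple

Version = Tuple[int, ...]

# Advisory table as transcribed on this page. Value: (affected, fix)
#   affected: (first, last) inclusive range, "all", or None (branch not affected)
#   fix:      version to upgrade to, or None ("migrate to a fixed release")
ADVISORY: Dict[Tuple[str, str], tuple] = {
    ("FortiOS", "7.6"): (None, None),
    ("FortiOS", "7.4"): (((7, 4, 0), (7, 4, 2)), (7, 4, 3)),
    ("FortiOS", "7.2"): (((7, 2, 0), (7, 2, 6)), (7, 2, 7)),
    ("FortiOS", "7.0"): (((7, 0, 0), (7, 0, 13)), (7, 0, 14)),
    ("FortiOS", "6.4"): (((6, 4, 0), (6, 4, 14)), (6, 4, 15)),
    ("FortiOS", "6.2"): (((6, 2, 0), (6, 2, 15)), (6, 2, 16)),
    ("FortiOS", "6.0"): ("all", None),
    ("FortiProxy", "7.4"): (((7, 4, 0), (7, 4, 2)), (7, 4, 3)),
    ("FortiProxy", "7.2"): (((7, 2, 0), (7, 2, 8)), (7, 2, 9)),
    ("FortiProxy", "7.0"): (((7, 0, 0), (7, 0, 14)), (7, 0, 15)),
    ("FortiProxy", "2.0"): (((2, 0, 0), (2, 0, 13)), (2, 0, 14)),
    ("FortiProxy", "1.2"): ("all", None),
    ("FortiProxy", "1.1"): ("all", None),
    ("FortiProxy", "1.0"): ("all", None),
}


def parse_version(text: str) -> Version:
    """Turn 'v7.4.2', '7.4.2' or 'v7.4.2 build2571' into (7, 4, 2).

    Two-part strings such as '7.4' are padded to '7.4.0' so that tuple
    comparison against the three-part table ranges is well defined.
    """
    head = text.strip().lstrip("vV").split()[0]
    parts = head.split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    while len(parts) < 3:
        parts.append("0")
    return tuple(int(p) for p in parts)


def fmt(v: Optional[Version]) -> str:
    return ".".join(str(x) for x in v) if v else "?"


def assess(product: str, version_text: str) -> Dict[str, str]:
    """Classify one device as affected / not_affected / unknown and say what to do."""
    v = parse_version(version_text)
    branch = f"{v[0]}.{v[1]}"
    row = ADVISORY.get((product, branch))
    if row is None:
        return {"status": "unknown",
                "action": f"{product} {branch} is not in the table; check the advisory"}
    affected, fix = row
    if affected is None:
        return {"status": "not_affected", "action": "none"}
    if affected == "all":
        return {"status": "affected", "action": "migrate to a fixed release"}
    _first, last = affected
    if v <= last:
        return {"status": "affected", "action": f"upgrade to {fmt(fix)} or above"}
    return {"status": "not_affected", "action": "none (already on a fixed release)"}


def triage(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, version, action) for every device that still needs work."""
    out = []
    for host, product, version in inventory:
        result = assess(product, version)
        if result["status"] != "not_affected":
            out.append((host, product, version, result["action"]))
    return out


# Constructed sample inventory (hostnames and firmware strings are made up).
INVENTORY = [
    ("fw-edge-01", "FortiOS", "v7.4.2 build2571"),
    ("fw-edge-02", "FortiOS", "7.0.14"),
    ("proxy-01", "FortiProxy", "7.0.14"),
    ("fw-lab", "FortiOS", "6.0.12"),
]

if __name__ == "__main__":
    for host, product, version, action in triage(INVENTORY):
        print(f"{host:12} {product:11} {version:20} -> {action}")
```

Run it with the real product and firmware string of each device (the "Version" line of the FortiGate dashboard or `get system status` output) to get the upgrade target per device before the maintenance window.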

If you would like to schedule the remediation work outside of your business hours, please have the point of contact in your support ticket communicate with our scheduling team so we can accommodate.

By completing the following form, you agree to the scope of work and remediation estimate.


Do you authorize Network Center, Inc. to proceed with the remediation scope of work for the FortiOS – Critical Vulnerability on Out-of-bound Write in sslvpnd? By clicking yes below, you are approving a fee of $300 to complete the remediation (up to 4 devices) which will be billed after completion.

Remediation Authorization

Fortinet has recently added an "auto-update" option for recent FortiOS versions. With it enabled, your system will update itself automatically when Fortinet releases security patches of this kind.

If your version supports it, would you like us to turn on this "auto-update" function?