CVE-2024-21762 – Fortinet FortiOS Out-of-Bound Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-21762
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests Una escritura fuera de los límites en Fortinet FortiOS versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.6, 7.0.0 a 7.0.13, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15 , 6.0.0 a 6.0.17, y versiones de FortiProxy 7.4.0 a 7.4.2, 7.2.0 a 7.2.8, 7.0.0 a 7.0.14, 2.0.0 a 2.0.13, 1.2.0 a 1.2.13 , 1.1.0 a 1.1.6, 1.0.0 a 1.0.7. Permite al atacante ejecutar código o comandos no autorizados a través de solicitudes específicamente manipuladas Fortinet FortiOS suffers from an out of bounds write vulnerability. Affected includes Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, and 1.0.0 through 1.0.7. Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests. • https://github.com/h4x0r-dz/CVE-2024-21762 https://github.com/r4p3c4/CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check https://github.com/d0rb/CVE-2024-21762 https://github.com/cleverg0d/CVE-2024-21762-Checker https://fortiguard.com/psirt/FG-IR-24-015 • CWE-787: Out-of-bounds Write •
CVE-2023-44250
https://notcve.org/view.php?id=CVE-2023-44250
An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests. Una vulnerabilidad de administración de privilegios inadecuada [CWE-269] en un clúster Fortinet FortiOS HA versión 7.4.0 a 7.4.1 y 7.2.5 y en un clúster FortiProxy HA versión 7.4.0 a 7.4.1 permite que un atacante autenticado realice acciones elevadas a través de solicitudes HTTP o HTTPS manipuladas. • https://fortiguard.com/psirt/FG-IR-23-315 • CWE-269: Improper Privilege Management •
CVE-2023-36639
https://notcve.org/view.php?id=CVE-2023-36639
A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted API requests. Un uso de cadena de formato controlada externamente en Fortinet FortiProxy versiones 7.2.0 a 7.2.4, 7.0.0 a 7.0.10, versiones de FortiOS 7.4.0, 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.12, 6.2.0 a 6.2.15, 6.0.0 a 6.0.17, las versiones de FortiPAM 1.0.0 a 1.0.3 permiten al atacante ejecutar código o comandos no autorizados a través de solicitudes API especialmente manipuladas. • https://fortiguard.com/psirt/FG-IR-23-138 • CWE-134: Use of Externally-Controlled Format String •
CVE-2023-36641
https://notcve.org/view.php?id=CVE-2023-36641
A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows attacker to denial of service via specifically crafted HTTP requests. Un error de truncamiento numérico en Fortinet FortiProxy versión 7.2.0 a 7.2.4, FortiProxy versión 7.0.0 a 7.0.10, FortiProxy 2.0 todas las versiones, FortiProxy 1.2 todas las versiones, FortiProxy 1.1, todas las versiones, FortiProxy 1.0 todas las versiones, FortiOS versión 7.4 .0, FortiOS versión 7.2.0 a 7.2.5, FortiOS versión 7.0.0 a 7.0.12, FortiOS 6.4 todas las versiones, FortiOS 6.2 todas las versiones, FortiOS 6.0 todas las versiones permiten al atacante denegar el servicio a través de solicitudes HTTP específicamente manipuladas. • https://fortiguard.com/psirt/FG-IR-23-151 • CWE-197: Numeric Truncation Error •
CVE-2023-37935
https://notcve.org/view.php?id=CVE-2023-37935
A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. Un uso del método de solicitud GET con vulnerabilidad de cadenas de consulta confidenciales en Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 y 7.4.0 permite a un atacante ver contraseñas en texto plano de servicios remotos como RDP o VNC, si el atacante puede leer las solicitudes GET de esos servicios. • https://fortiguard.com/psirt/FG-IR-23-120 • CWE-598: Use of GET Request Method With Sensitive Query Strings •