Threat Intelligence / CVE / CVE-2024-21762

CVE-2024-21762

CISA KEVRansomware

CVSS 9.8 (CRITICAL) · EPSS 92.7% · Published 2024-02-09

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787

Threats tracking this CVE

Kyber Ransomware: Post-Quantum Hybrid Encryption Operation Targeting Windows & VMware ESXi — CRITICAL

References

https://fortiguard.com/psirt/FG-IR-24-015

Full detection coverage & IOCs for threats exploiting CVE-2024-21762 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence