CVE-2024-21762 PoC: Fortinet FortiOS Buffer Error Vulnerability

Associated Vulnerability
Title: Fortinet FortiOS Buffer Error Vulnerability (CVE-2024-21762)
Description: An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.
Readme
# CVE-2024-21762-Checker
This script performs vulnerability scanning for CVE-2024-21762, a Fortinet SSL VPN remote code execution vulnerability. It checks whether a given server is vulnerable to this CVE by sending specific requests and analyzing the responses.
For more information, [see this Bishop Fox blog post](https://bishopfox.com/blog/cve-2024-21762-vulnerability-scanner-for-fortigate-firewalls).

Date of published exploit: **2024/02/28**

Vulnerable versions: **FortiOS 6.0 to 7.4.2**

| FortiOS Version | Affected Versions    | Recommended Action         |
|-----------------|----------------------|----------------------------|
| FortiOS 7.6     | Not affected         | Not Applicable             |
| FortiOS 7.4     | 7.4.0 through 7.4.2  | Upgrade to 7.4.3 or above  |
| FortiOS 7.2     | 7.2.0 through 7.2.6  | Upgrade to 7.2.7 or above  |
| FortiOS 7.0     | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
| FortiOS 6.4     | 6.4.0 through 6.4.14 | Upgrade to 6.4.15 or above |
| FortiOS 6.2     | 6.2.0 through 6.2.15 | Upgrade to 6.2.16 or above |
| FortiOS 6.0     | 6.0 all versions     | Migrate to a fixed release |
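
Where the firmware version is already known from inventory, the table can be applied per branch; this matters because the one-line "6.0 to 7.4.2" summary also spans fixed releases such as 7.2.7. The following Python sketch is an added example, not part of the checker script; the `assess` and `triage` names, the `host:port version` line format and the sample hosts are assumptions made for illustration.

```python
import re

# Last affected patch level per branch, copied from the table above;
# None means every release on the branch is affected (the 6.0 row).
AFFECTED = {
    (7, 4): (2, "Upgrade to 7.4.3 or above"),
    (7, 2): (6, "Upgrade to 7.2.7 or above"),
    (7, 0): (13, "Upgrade to 7.0.14 or above"),
    (6, 4): (14, "Upgrade to 6.4.15 or above"),
    (6, 2): (15, "Upgrade to 6.2.16 or above"),
    (6, 0): (None, "Migrate to a fixed release"),
}
NOT_AFFECTED = {(7, 6)}  # the "Not affected" row
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

def assess(version_text):
    """Return (status, action) for a FortiOS version string such as 'v7.2.6'."""
    m = VERSION_RE.search(version_text)
    if not m:
        return ("unknown", "Version string not recognised")
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch in NOT_AFFECTED:
        return ("not affected", "Not Applicable")
    if branch not in AFFECTED:
        # Branch is absent from the table: report it rather than guess.
        return ("unknown", "Branch not listed in the table")
    last_affected, action = AFFECTED[branch]
    if last_affected is None or patch <= last_affected:
        return ("affected", action)
    return ("fixed", "No action needed for this CVE")

def triage(inventory_lines):
    """Map constructed 'host:port version' lines to {target: (status, action)}."""
    report = {}
    for line in inventory_lines:
        target, _, version = line.strip().partition(" ")
        if target and not target.startswith("#"):
            report[target] = assess(version)
    return report

# Constructed sample inventory (documentation addresses, hypothetical format).
SAMPLE = [
    "192.0.2.10:443 v7.2.6",
    "192.0.2.11:10443 FortiOS 7.2.7",
    "vpn.example.com:443 6.0.17",
]

if __name__ == "__main__":
    for target, (status, action) in triage(SAMPLE).items():
        print(f"{target:22} {status:13} {action}")
```

The table covers FortiOS only, so the FortiProxy ranges from the CVE description are not evaluated here.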

## Usage
The script supports two modes of operation:
Single check: You can provide a hostname and port as command-line arguments to check a single host.
```
python3 check-cve-2024-21762.py <IP> <PORT>
```
Mass scanning: You can provide a file containing a list of host URLs in the format hostname:port, and the script will scan each host listed in the file.
```
python3 check-cve-2024-21762.py host_URL.txt # <IP|Hostname>:<PORT>
```
For each host, the script sends two POST requests: a control request and a check request. Based on the responses received, it determines whether the server is vulnerable or patched. The output includes color-coded status messages for easy identification: Vulnerable status is displayed in red, while Patched status is displayed in green. Additionally, it provides warning messages if the server does not appear to be a Fortinet SSL VPN interface or if the connection fails.

File Snapshot

```
[4.0K] /data/pocs/7898b7c4b6be11de08429b16c4783988cc280b03
├── [3.3K] check-cve-2024-21762.py
├── [ 34K] LICENSE
└── [2.0K] README.md

1 directory, 3 files
```