IRONSMITHINTEL
CRITICAL · CVSS 9.8 | Actively Exploited | CISA KEV | CVE-2024-21762 | Auth: none (unauthenticated) | Reboot: required | Est. 30 minutes including restart | Manual only

Fortinet FortiGate < 7.4.3 — RCE

An out-of-bounds write in FortiOS SSL-VPN allows unauthenticated RCE. Upgrade to FortiOS 7.4.3 / 7.2.7 / 7.0.14 or disable SSL-VPN — CISA confirmed active exploitation in February 2024.

Published Feb 8, 2024 · Updated May 15, 2026
Why patch: risk explained in plain English

Worst-case scenario (if unpatched)

Unauthenticated code execution on the FortiGate device as root, enabling full network access, credential theft, and persistent backdoor installation inside the perimeter.

How the attack works (no clicks needed)

FortiOS has an out-of-bounds write vulnerability in its SSL-VPN component. An unauthenticated attacker can send crafted HTTP requests that write outside the bounds of an allocated buffer, allowing arbitrary code execution on the device.


Am I affected? Quick check

Relevant teams: Network Security Team, Firewall Administrators, IT Security

Probably yes if any of these apply:

Running FortiOS 7.4 < 7.4.3, 7.2 < 7.2.7, 7.0 < 7.0.14, 6.4 < 6.4.15, 6.2 < 6.2.16; FortiProxy 7.4 < 7.4.3

Fixed in: FortiOS 7.4.3 / 7.2.7 / 7.0.14
Real-world incidents: what we've seen

CISA added CVE-2024-21762 to the Known Exploited Vulnerabilities catalog on February 9, 2024. The US government issued an alert noting that over 150,000 FortiGate devices were exposed to the internet and potentially vulnerable. Exploitation was observed across multiple sectors including healthcare, finance, and critical infrastructure.

How to patch

Manual remediation steps

30 minutes including restart

Check Version and Exposure

# CLI:
get system status

# Check if SSL-VPN is enabled (exploitable surface):
get vpn ssl settings | grep status
# If "status: enable" — SSL-VPN is active and exposed

Disable SSL-VPN as Immediate Mitigation

config vpn ssl settings
  set status disable
end

Upgrade FortiOS

1. From FortiGate web UI: System > Firmware
2. Select target version (7.4.3+, 7.2.7+, or 7.0.14+)
3. Apply and restart

Verify

get system status
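The version and SSL-VPN checks above, as an added Python triage script (not part of the original entry or of Fortinet's tooling): it applies the fixed-version table listed on this page to saved output of `get system status` and `get vpn ssl settings`. The sample CLI output is constructed in the shape of those commands; `FGT-EXAMPLE` and the build number are placeholders.

```python
import re

# Minimum fixed release per affected FortiOS branch, as listed on this page
# (FortiProxy 7.4 shares the 7.4.3 fix). Branches not listed are "unknown".
FIXED_IN = {
    (7, 4): (7, 4, 3),
    (7, 2): (7, 2, 7),
    (7, 0): (7, 0, 14),
    (6, 4): (6, 4, 15),
    (6, 2): (6, 2, 16),
}

VERSION_RE = re.compile(r"\bv(\d+)\.(\d+)\.(\d+)")

def parse_version(status_output):
    """Extract (major, minor, patch) from 'get system status' text, or None."""
    m = VERSION_RE.search(status_output)
    return tuple(int(x) for x in m.groups()) if m else None

def vulnerable_version(version):
    """True if below the fixed release of its branch; None for unlisted branches."""
    fixed = FIXED_IN.get(version[:2])
    return None if fixed is None else version < fixed

def sslvpn_enabled(settings_output):
    """Read the 'status : enable|disable' line of 'get vpn ssl settings'."""
    m = re.search(r"^\s*status\s*:\s*(\w+)", settings_output, re.MULTILINE)
    return bool(m and m.group(1).lower() == "enable")

def triage(status_output, settings_output):
    """Map both checks onto the actions this page recommends."""
    version = parse_version(status_output)
    if version is None:
        return "unknown: firmware version not found in output"
    vuln = vulnerable_version(version)
    if vuln is None:
        return "unknown branch: check the vendor advisory"
    if not vuln:
        return "patched"
    if sslvpn_enabled(settings_output):
        return "vulnerable and exposed: disable SSL-VPN now, then upgrade"
    return "vulnerable, SSL-VPN disabled: schedule the upgrade"

# Constructed sample output in the shape of the two CLI commands (not a real device).
SAMPLE_STATUS = "Version: FortiGate-100F v7.4.2,build0000,000000 (GA.F)\nSerial-Number: FGT-EXAMPLE\n"
SAMPLE_SETTINGS = "reqclientcert       : disable\nstatus              : enable\nport                : 443\n"

if __name__ == "__main__":
    print(triage(SAMPLE_STATUS, SAMPLE_SETTINGS))
```

Run it against output captured from each device before and after the upgrade; a result of "patched" confirms the Verify step.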
PowerShell automation: coming soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.