Skip to content

Safely detect whether a FortiGate SSL VPN is vulnerable to CVE-2024-21762

License

Notifications You must be signed in to change notification settings

BishopFox/cve-2024-21762-check

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 

Repository files navigation

CVE-2024-21762 Check

Safely detect whether a FortiGate SSL VPN is vulnerable to CVE-2024-21762. For more information, see this Bishop Fox blog post

Usage

python3 check-cve-2024-21762.py <host> <port>

In most cases, the script will either output "Vulnerable" or "Patched". It performs minimal verification that the target is in fact a FortiOS SSL VPN, and in some cases it will print a warning before providing output. If this happens, double check that your target is a FortiOS SSL VPN interface and not a management interface.

# Testing against the SSL-VPN interface
$ python3 check-cve-2024-21762.py 192.168.250.124 12443
Vulnerable

# Testing against the management interface -> bogus results
$ python3 check-cve-2024-21762.py 192.168.250.124 443
[warning] Server does not look like a Fortinet SSL VPN interface
Patched

About

Safely detect whether a FortiGate SSL VPN is vulnerable to CVE-2024-21762

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages