Bishop Fox recently released a detailed study of one of the new trending FortiOS vulnerabilities, CVE-2024-21762.
CVE-2024-21762 is an out-of-bounds write in the SSL VPN component of FortiOS. Bishop Fox analyzed the patch and found numerous changes in the handling of HTTP requests that use chunked transfer encoding. In addition to developing a proof of vulnerability, we defined a method to securely test for changes in behavior that indicate the system is using the patched firmware.
It took me a week to make an exploit based on the data provided in the report. And I did it! I did it by sending an out-of-bound value in the Transfer-Encoding: chunked header. Further exploitation led to an HTTP Smuggling vulnerability, also known as TE.CL.
What do you think?
It is nice to know your opinion. Leave a comment.