关联漏洞
标题:
Fortinet FortiOS 缓冲区错误漏洞
(CVE-2024-21762)
描述:Fortinet FortiOS是美国飞塔(Fortinet)公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。 Fortinet FortiOS存在缓冲区错误漏洞,该漏洞源于存在越界写入,允许攻击者通过特制请求执行未经授权的代码或命令。
介绍
# FortiGate cve-2024-21762-checker
This script is used to check for vulnerabilities in Fortigate SSL VPNs based on CVE-2024-21762. It uses Shodan to find vulnerable devices and test their vulnerability.
## Features
- Uses Shodan API to find Fortigate devices running SSL VPN on port 10443.
- Checks the vulnerability status of the devices.
- Flexible shodan queries
- Displays the result with additional information such as organization and country.
## Requirements
- Python 3.x
- Shodan API Key
## Installation
1. Clone this repository:
```bash
git clone https://github.com/rdoix/cve-2024-21762-checker.git
cd cve-2024-21762-checker
```
2. Install dependencies:
```bash
pip install -r requirements.txt
```
3. Set Shodan API Key as an environment variable:
```bash
export SHODAN_API_KEY="YOUR_SHODAN_API_KEY"
```
## Usage
Run the script with the following command:
```bash
python3 cve-2024-21762-checker.py
```
## Example Output
```
1.1.1.1 | ABC Company | Indonesia | Vulnerable
1.1.2.2 | XYZ Corporation | United States | Patched
```
文件快照
[4.0K] /data/pocs/33d17f126376b8637a9dc6a737820a05994bc6d3
├── [2.3K] cve-2024-21762-checker.py
├── [1.1K] README.md
└── [ 16] requirements.txt
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。