Hunting for Fortinet CVE-2024-21762: Vulnerability Research for Detection Engineering
ID: d3e36818-af02-5616-b42f-0e27e4f1d997
STIX ID: report--d3e36818-af02-5616-b42f-0e27e4f1d997
Feed Name: GreyNoise Labs
This blog post documents reverse-engineering efforts to locate the fix for Fortinet CVE-2024-21762, an out-of-bounds write in FortiOS/FortiProxy SSL VPN leading to potential RCE, by diffing decrypted firmware from 7.4.2 to 7.4.3. The author identifies a new conditional limiting chunked Trailer length as the mitigation, sketches a Suricata/IDS rule to detect attempts, and outlines next steps for validating vulnerable endpoints and generating PoCs.
