CVE-2024-26010

Summary

A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specially crafted packets.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiPAM1.2.0affected
FortinetFortiPAM1.1.0 <= 1.1.2affected
FortinetFortiPAM1.0.0 <= 1.0.3affected
FortinetFortiSwitchManager7.2.0 <= 7.2.3affected
FortinetFortiSwitchManager7.0.1 <= 7.0.3affected
FortinetFortiOS7.4.0 <= 7.4.3affected
FortinetFortiOS7.2.0 <= 7.2.7affected
FortinetFortiOS7.0.0 <= 7.0.14affected
FortinetFortiOS6.4.0 <= 6.4.15affected
FortinetFortiOS6.2.0 <= 6.2.16affected
FortinetFortiOS6.0.0 <= 6.0.18affected
FortinetFortiProxy7.4.0 <= 7.4.2affected
FortinetFortiProxy7.2.0 <= 7.2.9affected
FortinetFortiProxy7.0.0 <= 7.0.15affected
FortinetFortiProxy2.0.0 <= 2.0.13affected
FortinetFortiProxy1.2.0 <= 1.2.13affected
FortinetFortiProxy1.1.0 <= 1.1.6affected
FortinetFortiProxy1.0.0 <= 1.0.7affected

Weaknesses

  • CWE-121: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References