CVE-2024-26015

Summary

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiProxy7.4.0 <= 7.4.3affected
FortinetFortiProxy7.2.0 <= 7.2.10affected
FortinetFortiProxy7.0.0 <= 7.0.18affected
FortinetFortiOS7.4.0 <= 7.4.3affected
FortinetFortiOS7.2.0 <= 7.2.8affected
FortinetFortiOS7.0.0 <= 7.0.15affected

Weaknesses

  • CWE-1389: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References