CVE-2024-35276

Summary

A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiAnalyzer7.4.0 <= 7.4.3affected
FortinetFortiAnalyzer7.2.0 <= 7.2.5affected
FortinetFortiAnalyzer7.0.0 <= 7.0.12affected
FortinetFortiAnalyzer6.4.0 <= 6.4.14affected
FortinetFortiManager7.4.0 <= 7.4.3affected
FortinetFortiManager7.2.0 <= 7.2.5affected
FortinetFortiManager7.0.0 <= 7.0.12affected
FortinetFortiManager6.4.0 <= 6.4.14affected

Weaknesses

  • CWE-121: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References