CVE-2024-46667

Summary

A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSIEM7.1.0 <= 7.1.5affected
FortinetFortiSIEM7.0.0 <= 7.0.3affected
FortinetFortiSIEM6.7.0 <= 6.7.9affected
FortinetFortiSIEM6.6.0 <= 6.6.5affected
FortinetFortiSIEM6.5.0 <= 6.5.3affected
FortinetFortiSIEM6.4.0 <= 6.4.4affected
FortinetFortiSIEM6.3.0 <= 6.3.3affected
FortinetFortiSIEM6.2.0 <= 6.2.1affected
FortinetFortiSIEM6.1.0 <= 6.1.2affected
FortinetFortiSIEM5.4.0affected
FortinetFortiSIEM5.3.0 <= 5.3.3affected

Weaknesses

  • CWE-770: Denial of service

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References