CVE-2024-46668

Summary

An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.4.0 <= 7.4.4affected
FortinetFortiOS7.2.0 <= 7.2.8affected
FortinetFortiOS7.0.0 <= 7.0.15affected
FortinetFortiOS6.4.0 <= 6.4.15affected

Weaknesses

  • CWE-770: Denial of service

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References