CVE-2024-46669

Summary

An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.4.0 <= 7.4.4affected
FortinetFortiOS7.2.0 <= 7.2.11affected

Weaknesses

  • CWE-190: Denial of service

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References