CVE-2024-46670

Summary

An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiOS7.6.0affected
FortinetFortiOS7.4.0 <= 7.4.4affected
FortinetFortiOS7.2.0 <= 7.2.9affected
FortinetFortiProxy7.4.0 <= 7.4.5affected
FortinetFortiProxy7.2.0 <= 7.2.11affected
FortinetFortiProxy7.0.0 <= 7.0.18affected
FortinetFortiProxy2.0.0 <= 2.0.14affected
FortinetFortiPAM1.4.0 <= 1.4.1affected
FortinetFortiPAM1.3.0affected
FortinetFortiPAM1.2.0affected
FortinetFortiPAM1.1.0 <= 1.1.2affected
FortinetFortiPAM1.0.0 <= 1.0.3affected

Weaknesses

  • CWE-125: Denial of service

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References