CVE-2024-50571

Summary

A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all versions, FortiAnalyzer 6.2 all versions, FortiAnalyzer 6.0 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.5, FortiAnalyzer Cloud 7.2.1 through 7.2.9, FortiAnalyzer Cloud 7.0.1 through 7.0.13, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.0 through 7.2.9, FortiManager 7.0.0 through 7.0.13, FortiManager 6.4 all versions, FortiManager 6.2 all versions, FortiManager 6.0 all versions, FortiManager Cloud 7.6.2, FortiManager Cloud 7.4.1 through 7.4.5, FortiManager Cloud 7.2.1 through 7.2.9, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4 all versions, FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiProxy 7.2.0 through 7.2.12, FortiProxy 7.0.0 through 7.0.19, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions allows attacker to execute unauthorized code or commands via specifically crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiManager7.6.0 <= 7.6.1affected
FortinetFortiManager7.4.0 <= 7.4.5affected
FortinetFortiManager7.2.0 <= 7.2.9affected
FortinetFortiManager7.0.0 <= 7.0.13affected
FortinetFortiManager6.4.0 <= 6.4.15affected
FortinetFortiManager6.2.0 <= 6.2.13affected
FortinetFortiManager6.0.0 <= 6.0.12affected
FortinetFortiOS7.6.0affected
FortinetFortiOS7.4.0 <= 7.4.5affected
FortinetFortiOS7.2.0 <= 7.2.10affected
FortinetFortiOS7.0.0 <= 7.0.16affected
FortinetFortiOS6.4.0 <= 6.4.15affected
FortinetFortiManager Cloud7.6.2affected
FortinetFortiManager Cloud7.4.1 <= 7.4.5affected
FortinetFortiManager Cloud7.2.1 <= 7.2.9affected
FortinetFortiManager Cloud7.0.1 <= 7.0.13affected
FortinetFortiManager Cloud6.4.1 <= 6.4.7affected
FortinetFortiAnalyzer7.6.0 <= 7.6.2affected
FortinetFortiAnalyzer7.4.0 <= 7.4.5affected
FortinetFortiAnalyzer7.2.0 <= 7.2.9affected
FortinetFortiAnalyzer7.0.0 <= 7.0.13affected
FortinetFortiAnalyzer6.4.0 <= 6.4.15affected
FortinetFortiAnalyzer6.2.0 <= 6.2.13affected
FortinetFortiAnalyzer6.0.0 <= 6.0.12affected
FortinetFortiProxy7.6.0affected
FortinetFortiProxy7.4.0 <= 7.4.6affected
FortinetFortiProxy7.2.0 <= 7.2.12affected
FortinetFortiProxy7.0.0 <= 7.0.19affected
FortinetFortiProxy2.0.0 <= 2.0.14affected
FortinetFortiProxy1.2.0 <= 1.2.13affected
FortinetFortiProxy1.1.0 <= 1.1.6affected
FortinetFortiProxy1.0.0 <= 1.0.7affected
FortinetFortiAnalyzer Cloud7.4.1 <= 7.4.5affected
FortinetFortiAnalyzer Cloud7.2.1 <= 7.2.9affected
FortinetFortiAnalyzer Cloud7.0.1 <= 7.0.13affected
FortinetFortiAnalyzer Cloud6.4.1 <= 6.4.7affected

Weaknesses

  • CWE-122: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References