CVE-2024-52963

Summary

A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiProxy7.4.0 <= 7.4.5affected
FortinetFortiProxy7.2.0 <= 7.2.13affected
FortinetFortiProxy7.0.0 <= 7.0.20affected
FortinetFortiProxy2.0.0 <= 2.0.14affected
FortinetFortiOS7.6.0affected
FortinetFortiOS7.4.0 <= 7.4.6affected
FortinetFortiOS7.2.0 <= 7.2.10affected
FortinetFortiOS7.0.0 <= 7.0.16affected
FortinetFortiOS6.4.0 <= 6.4.15affected
FortinetFortiPAM1.4.0 <= 1.4.2affected
FortinetFortiPAM1.3.0 <= 1.3.1affected
FortinetFortiPAM1.2.0affected
FortinetFortiPAM1.1.0 <= 1.1.2affected
FortinetFortiPAM1.0.0 <= 1.0.3affected

Weaknesses

  • CWE-787: Denial of service

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

Additional References

References