CVE-2024-26015 — Incorrect Parsing of Numbers with Different Radices in Fortinet Fortios

CWE-1389 — Incorrect Parsing of Numbers with Different Radices CWE-704 — Incorrect Type Conversion or Cast4 documents4 sources

Severity

4.7MEDIUMNVD

CNA3.4

EPSS

0.0%

top 85.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy

Timeline

PublishedJul 9

Description

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5fortinet/fortios7.4.0 — 7.4.3+2

▶NVDfortinet/fortios7.0.0 — 7.0.15+2

▶CVEListV5fortinet/fortiproxy7.4.0 — 7.4.3+2

▶NVDfortinet/fortiproxy7.0.0 — 7.4.3

🔴Vulnerability Details

CVEList

CVE-2024-26015: An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7↗2024-07-09

▶

GHSA

GHSA-28x5-qjqx-j9fr: An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7↗2024-07-09

▶

📋Vendor Advisories

Fortinet

FortiOS - IP address validation mishandles zero characters↗2024-07-09

▶