CVE-2024-35276: A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets.

Affected

27 ranges· showing 25

Vendor	Product	Version range	Fixed in
fortinet	fortianalyzer	—	—
fortinet	fortianalyzer	>= 6.4.0 < 6.4.15	6.4.15
fortinet	fortianalyzer	6.4.0 – 6.4.14	—
fortinet	fortianalyzer	>= 7.0.0 < 7.0.13	7.0.13
fortinet	fortianalyzer	7.0.0 – 7.0.12	—
fortinet	fortianalyzer	>= 7.2.0 < 7.2.6	7.2.6
fortinet	fortianalyzer	7.2.0 – 7.2.5	—
fortinet	fortianalyzer	>= 7.4.0 < 7.4.4	7.4.4
fortinet	fortianalyzer	7.4.0 – 7.4.3	—
fortinet	fortianalyzer_cloud	>= 6.4.1 < 7.0.12	7.0.12
fortinet	fortianalyzer_cloud	>= 7.2.1 < 7.2.6	7.2.6
fortinet	fortianalyzer_cloud	>= 7.4.1 < 7.4.4	7.4.4
fortinet	fortianalyzercloud	—	—
fortinet	fortimanager	—	—
fortinet	fortimanager	>= 6.4.0 < 6.4.15	6.4.15
fortinet	fortimanager	6.4.0 – 6.4.14	—
fortinet	fortimanager	>= 7.0.0 < 7.0.13	7.0.13
fortinet	fortimanager	7.0.0 – 7.0.12	—
fortinet	fortimanager	>= 7.2.0 < 7.2.6	7.2.6
fortinet	fortimanager	7.2.0 – 7.2.5	—
fortinet	fortimanager	>= 7.4.0 < 7.4.4	7.4.4
fortinet	fortimanager	7.4.0 – 7.4.3	—
fortinet	fortimanager_cloud	>= 6.4.1 < 7.0.12	7.0.12
fortinet	fortimanager_cloud	>= 7.2.1 < 7.2.6	7.2.6
fortinet	fortimanager_cloud	>= 7.4.1 < 7.4.4	7.4.4