CVE-2024-46668Allocation of Resources Without Limits or Throttling in Fortinet Fortios

CWE-770Allocation of Resources Without Limits or Throttling4 documents4 sources
Severity
7.5HIGHNVD
EPSS
2.2%
top 15.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortios
Timeline
PublishedJan 14

Description

An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortios6.4.06.4.16+3
CVEListV5fortinet/fortios7.4.07.4.4+3

🔴Vulnerability Details

2
CVEList
CVE-2024-46668: An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 72025-01-14
GHSA
GHSA-xpch-9h27-3hpf: An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 72025-01-14

📋Vendor Advisories

1
Fortinet
Multipart Form Data Denial of Service2025-01-14
CVE-2024-46668 — Fortinet Fortios vulnerability | cvebase