CVE-2024-46669 — Integer Overflow or Wraparound in Fortinet Fortios

CWE-190 — Integer Overflow or Wraparound4 documents4 sources

Severity

6.5MEDIUMNVD

CNA3.5

EPSS

0.3%

top 51.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios

Timeline

PublishedJan 14

Description

An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDfortinet/fortios7.2.0 — 7.4.5

▶CVEListV5fortinet/fortios7.4.0 — 7.4.4+1

🔴Vulnerability Details

CVEList

CVE-2024-46669: An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7↗2025-01-14

▶

GHSA

GHSA-r39f-vq75-r7mj: An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7↗2025-01-14

▶

📋Vendor Advisories

Fortinet

Integer Overflow in ipsec ike↗2025-01-14

▶