CVE-2024-46670

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

7.5HIGH

EPSS

2.0%

top 16.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortipam Fortinet Fortiproxy

Timeline

PublishedJan 14

Description

An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDfortinet/fortios7.2.0 — 7.2.10+2

▶CVEListV5fortinet/fortios7.4.0 — 7.4.4+2

▶CVEListV5fortinet/fortipam1.4.0 — 1.4.1+4

▶CVEListV5fortinet/fortiproxy7.4.0 — 7.4.5+3

🔴Vulnerability Details

CVEList

CVE-2024-46670: An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7↗2025-01-14

▶

GHSA

GHSA-v34h-7f4q-76h6: An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7↗2025-01-14

▶

📋Vendor Advisories

Fortinet

Out of bounds read in ipsec ike↗2025-01-14

▶