Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-35279 (GCVE-0-2024-35279)
Vulnerability from cvelistv5
- CWE-121 - Execute unauthorized code or commands
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-24-160 | Vendor Advisory |
Vendor | Product | Version | ||
---|---|---|---|---|
Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.4 Version: 7.2.4 ≤ 7.2.8 cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-35279", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-13T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-14T04:55:19.966Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.4", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.4", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-11T16:09:02.911Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-160", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-160" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.5 or above \nPlease upgrade to FortiOS version 7.2.9 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-35279", "datePublished": "2025-02-11T16:09:02.911Z", "dateReserved": "2024-05-14T21:15:19.190Z", "dateUpdated": "2025-02-14T04:55:19.966Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-35279\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2025-02-11T17:15:22.253\",\"lastModified\":\"2025-07-17T20:13:41.827\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de desbordamiento de b\u00fafer basada en pila [CWE-121] en Fortinet FortiOS versi\u00f3n 7.2.4 a 7.2.8 y versi\u00f3n 7.4.0 a 7.4.4 permite a un atacante remoto no autenticado ejecutar c\u00f3digo o comandos arbitrarios a trav\u00e9s de paquetes UDP manipulados mediante el control CAPWAP, siempre que el atacante haya podido evadir las protecciones de la pila de FortiOS y siempre que el servicio de estructura se est\u00e9 ejecutando en la interfaz expuesta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.4\",\"versionEndExcluding\":\"7.2.9\",\"matchCriteriaId\":\"682BB28A-AC64-459D-B330-EA2E06AA9FD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndExcluding\":\"7.4.5\",\"matchCriteriaId\":\"A71AD879-997D-4787-A1E9-E4132AC521E2\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-24-160\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-35279\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-11T16:33:23.681035Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-11T16:33:32.674Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.4\"}, {\"status\": \"affected\", \"version\": \"7.2.4\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.8\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiAuthenticator version 7.0.0 or above \\nPlease upgrade to FortiOS version 7.6.0 or above \\nPlease upgrade to FortiOS version 7.4.5 or above \\nPlease upgrade to FortiOS version 7.2.9 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-160\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-160\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"Execute unauthorized code or commands\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2025-02-11T16:09:02.911Z\"}}}", "cveMetadata": "{\"cveId\": \"CVE-2024-35279\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-14T04:55:19.966Z\", \"dateReserved\": \"2024-05-14T21:15:19.190Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2025-02-11T16:09:02.911Z\", \"assignerShortName\": \"fortinet\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
icsa-25-044-06
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "organization": "Siemens ProductCERT", "summary": "reporting these vulnerabilities to CISA." } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products.\nSiemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version.", "title": "Summary" }, { "category": "general", "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "title": "General Recommendations" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "legal_disclaimer", "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.", "title": "Terms of Use" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "other", "text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-770770 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.", "title": "Advisory Conversion Disclaimer" }, { "category": "other", "text": "Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.", "title": "Recommended Practices" }, { "category": "general", "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", "title": "Recommended Practices" }, { "category": "general", "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", "title": "Recommended Practices" }, { "category": "general", "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" } ], "publisher": { "category": "other", "contact_details": "central@cisa.dhs.gov", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "SSA-770770: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-770770.json" }, { "category": "self", "summary": "SSA-770770: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices - HTML Version", "url": "https://cert-portal.siemens.com/productcert/html/ssa-770770.html" }, { "category": "self", "summary": "ICS Advisory ICSA-25-044-06 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-044-06.json" }, { "category": "self", "summary": "ICS Advisory ICSA-25-044-06 - Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-06" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/topics/industrial-control-systems" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B" } ], "title": "Siemens RUGGEDCOM APE1808 Devices", "tracking": { "current_release_date": "2025-08-12T00:00:00.000000Z", "generator": { "date": "2025-08-14T23:08:57.300935Z", "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-25-044-06", "initial_release_date": "2025-02-11T00:00:00.000000Z", "revision_history": [ { "date": "2025-02-11T00:00:00.000000Z", "legacy_version": "1.0", "number": "1", "summary": "Publication Date" }, { "date": "2025-03-11T00:00:00.000000Z", "legacy_version": "1.1", "number": "2", "summary": "Added newly published upstream vulnerabilities CVE-2024-35279 and CVE-2024-40591" }, { "date": "2025-04-08T00:00:00.000000Z", "legacy_version": "1.2", "number": "3", "summary": "Added newly published upstream vulnerabilities CVE-2024-48886, CVE-2024-50563, CVE-2024-45324 and CVE-2024-3596" }, { "date": "2025-05-13T00:00:00.000000Z", "legacy_version": "1.3", "number": "4", "summary": "Added newly published upstream vulnerabilities CVE-2024-21762, CVE-2022-42475, CVE-2023-27997, CVE-2024-26013 and CVE-2024-50565. Moved CVE-2024-52963 to SSA-864900" }, { "date": "2025-06-10T00:00:00.000000Z", "legacy_version": "1.4", "number": "5", "summary": "Added newly published upstream vulnerability CVE-2025-22252" }, { "date": "2025-07-08T00:00:00.000000Z", "legacy_version": "1.5", "number": "6", "summary": "Added newly published upstream vulnerabilities CVE-2025-22254 and CVE-2025-22251" }, { "date": "2025-08-12T00:00:00.000000Z", "legacy_version": "1.6", "number": "7", "summary": "Added newly published upstream vulnerability CVE-2024-52965" } ], "status": "final", "version": "7" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM APE1808", "product_id": "CSAFPID-0001" } }, { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM APE1808", "product_id": "CSAFPID-0002" } }, { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM APE1808", "product_id": "CSAFPID-0003" } }, { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM APE1808", "product_id": "CSAFPID-0004" } } ], "category": "product_name", "name": "RUGGEDCOM APE1808" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-42475", "cwe": { "id": "CWE-197", "name": "Numeric Truncation Error" }, "notes": [ { "category": "summary", "text": "A heap-based buffer overflow vulnerability [CWE-122]\u00a0in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0002" ] }, "remediations": [ { "category": "mitigation", "details": "Refer to Fortinet Blog for mitigation measures \nhttps://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity", "product_ids": [ "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0002" ] } ], "title": "CVE-2022-42475" }, { "cve": "CVE-2023-27997", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0002" ] }, "remediations": [ { "category": "mitigation", "details": "Refer to Fortinet Blog for mitigation measures \nhttps://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity", "product_ids": [ "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0002" ] } ], "title": "CVE-2023-27997" }, { "cve": "CVE-2024-3596", "cwe": { "id": "CWE-924", "name": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel" }, "notes": [ { "category": "summary", "text": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify responses Access-Reject or Access-Accept using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0004" ] }, "remediations": [ { "category": "mitigation", "details": "Use RADIUS over TLS (aka RADSEC) (\nhttps://fortiguard.fortinet.com/psirt/FG-IR-24-255)", "product_ids": [ "CSAFPID-0004" ] }, { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0004" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.0, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0004" ] } ], "title": "CVE-2024-3596" }, { "cve": "CVE-2024-21762", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0002" ] }, "remediations": [ { "category": "mitigation", "details": "Refer to Fortinet Blog for mitigation measures \nhttps://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity", "product_ids": [ "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0002" ] } ], "title": "CVE-2024-21762" }, { "cve": "CVE-2024-26013", "cwe": { "id": "CWE-923", "name": "Improper Restriction of Communication Channel to Intended Endpoints" }, "notes": [ { "category": "summary", "text": "A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-26013" }, { "cve": "CVE-2024-35279", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "A stack-based buffer overflow vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "mitigation", "details": "For each interface, remove the fabric service or block CAPWAP-CONTROL access to port 5246 through a local-in policy (see \nhttps://fortiguard.fortinet.com/psirt/FG-IR-24-160)", "product_ids": [ "CSAFPID-0001" ] }, { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-35279" }, { "cve": "CVE-2024-36504", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-36504" }, { "cve": "CVE-2024-40591", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "notes": [ { "category": "summary", "text": "An incorrect privilege assignment vulnerability in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targetted FortiGate to a malicious upstream FortiGate they control.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-40591" }, { "cve": "CVE-2024-45324", "cwe": { "id": "CWE-134", "name": "Use of Externally-Controlled Format String" }, "notes": [ { "category": "summary", "text": "A use of externally-controlled format string vulnerability in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-45324" }, { "cve": "CVE-2024-46665", "cwe": { "id": "CWE-201", "name": "Insertion of Sensitive Information Into Sent Data" }, "notes": [ { "category": "summary", "text": "An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-46665" }, { "cve": "CVE-2024-46666", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "summary", "text": "An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-46666" }, { "cve": "CVE-2024-46668", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "summary", "text": "An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-46668" }, { "cve": "CVE-2024-46669", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "summary", "text": "An\u00a0Integer Overflow or Wraparound vulnerability in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-46669" }, { "cve": "CVE-2024-46670", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "An\u00a0Out-of-bounds Read vulnerability in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-46670" }, { "cve": "CVE-2024-48884", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "notes": [ { "category": "summary", "text": "A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to trigger an escalation of privilege via specially crafted packets.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-48884" }, { "cve": "CVE-2024-48885", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "notes": [ { "category": "summary", "text": "A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-48885" }, { "cve": "CVE-2024-48886", "cwe": { "id": "CWE-1390", "name": "Weak Authentication" }, "notes": [ { "category": "summary", "text": "A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.0, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-48886" }, { "cve": "CVE-2024-50563", "cwe": { "id": "CWE-1390", "name": "Weak Authentication" }, "notes": [ { "category": "summary", "text": "A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-50563" }, { "cve": "CVE-2024-50565", "cwe": { "id": "CWE-300", "name": "Channel Accessible by Non-Endpoint" }, "notes": [ { "category": "summary", "text": "A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-50565" }, { "cve": "CVE-2024-52965", "cwe": { "id": "CWE-304", "name": "Missing Critical Step in Authentication" }, "notes": [ { "category": "summary", "text": "A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 \u0026 FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user using api-key + PKI user certificate authentication to login even if the certificate is invalid.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0004" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0004" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0004" ] } ], "title": "CVE-2024-52965" }, { "cve": "CVE-2024-54021", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "notes": [ { "category": "summary", "text": "An improper neutralization of crlf sequences in http headers (\u0027http response splitting\u0027) in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0001" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ], "title": "CVE-2024-54021" }, { "cve": "CVE-2025-22251", "cwe": { "id": "CWE-923", "name": "Improper Restriction of Communication Channel to Intended Endpoints" }, "notes": [ { "category": "summary", "text": "An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0004" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0004" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0004" ] } ], "title": "CVE-2025-22251" }, { "cve": "CVE-2025-22252", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "summary", "text": "A missing authentication for critical function vulnerability in FortiOS, FortiProxy, and FortiSwitchManager TACACS+ configured to use a remote TACACS+ server for authentication, that has itself been configured to use ASCII authentication may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0003" ] }, "remediations": [ { "category": "mitigation", "details": "Use alternate authentication mechanism such as PAP, MSCHAP, and CHAP configurations other than ASCII authentication (see \nhttps://www.fortiguard.com/psirt/FG-IR-24-472)", "product_ids": [ "CSAFPID-0003" ] }, { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0003" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0003" ] } ], "title": "CVE-2025-22252" }, { "cve": "CVE-2025-22254", "cwe": { "id": "CWE-269", "name": "Improper Privilege Management" }, "notes": [ { "category": "summary", "text": "An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7 \u0026 FortiWeb version 7.6.0 through 7.6.1 and before 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to\u00a0Node.js websocket module.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0004" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "CSAFPID-0004" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0004" ] } ], "title": "CVE-2025-22254" } ] }
fkie_cve-2024-35279
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-24-160 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "682BB28A-AC64-459D-B330-EA2E06AA9FD1", "versionEndExcluding": "7.2.9", "versionStartIncluding": "7.2.4", "vulnerable": true }, { "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "A71AD879-997D-4787-A1E9-E4132AC521E2", "versionEndExcluding": "7.4.5", "versionStartIncluding": "7.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface." }, { "lang": "es", "value": "Una vulnerabilidad de desbordamiento de b\u00fafer basada en pila [CWE-121] en Fortinet FortiOS versi\u00f3n 7.2.4 a 7.2.8 y versi\u00f3n 7.4.0 a 7.4.4 permite a un atacante remoto no autenticado ejecutar c\u00f3digo o comandos arbitrarios a trav\u00e9s de paquetes UDP manipulados mediante el control CAPWAP, siempre que el atacante haya podido evadir las protecciones de la pila de FortiOS y siempre que el servicio de estructura se est\u00e9 ejecutando en la interfaz expuesta." } ], "id": "CVE-2024-35279", "lastModified": "2025-07-17T20:13:41.827", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "psirt@fortinet.com", "type": "Secondary" } ] }, "published": "2025-02-11T17:15:22.253", "references": [ { "source": "psirt@fortinet.com", "tags": [ "Vendor Advisory" ], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-160" } ], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-121" } ], "source": "psirt@fortinet.com", "type": "Primary" } ] }
ssa-770770
Vulnerability from csaf_siemens
Notes
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)", "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Fortinet has published information on vulnerabilities in FortiOS. This advisory lists the related Siemens Industrial products.\nSiemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version.", "title": "Summary" }, { "category": "general", "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "title": "General Recommendations" }, { "category": "general", "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "legal_disclaimer", "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "productcert@siemens.com", "name": "Siemens ProductCERT", "namespace": "https://www.siemens.com" }, "references": [ { "category": "self", "summary": "SSA-770770: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices - HTML Version", "url": "https://cert-portal.siemens.com/productcert/html/ssa-770770.html" }, { "category": "self", "summary": "SSA-770770: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices - CSAF Version", "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-770770.json" } ], "title": "SSA-770770: Multiple Vulnerabilities in Fortigate NGFW Before V7.4.7 on RUGGEDCOM APE1808 Devices", "tracking": { "current_release_date": "2025-08-12T00:00:00Z", "generator": { "engine": { "name": "Siemens ProductCERT CSAF Generator", "version": "1" } }, "id": "SSA-770770", "initial_release_date": "2025-02-11T00:00:00Z", "revision_history": [ { "date": "2025-02-11T00:00:00Z", "legacy_version": "1.0", "number": "1", "summary": "Publication Date" }, { "date": "2025-03-11T00:00:00Z", "legacy_version": "1.1", "number": "2", "summary": "Added newly published upstream vulnerabilities CVE-2024-35279 and CVE-2024-40591" }, { "date": "2025-04-08T00:00:00Z", "legacy_version": "1.2", "number": "3", "summary": "Added newly published upstream vulnerabilities CVE-2024-48886, CVE-2024-50563, CVE-2024-45324 and CVE-2024-3596" }, { "date": "2025-05-13T00:00:00Z", "legacy_version": "1.3", "number": "4", "summary": "Added newly published upstream vulnerabilities CVE-2024-21762, CVE-2022-42475, CVE-2023-27997, CVE-2024-26013 and CVE-2024-50565. Moved CVE-2024-52963 to SSA-864900" }, { "date": "2025-06-10T00:00:00Z", "legacy_version": "1.4", "number": "5", "summary": "Added newly published upstream vulnerability CVE-2025-22252" }, { "date": "2025-07-08T00:00:00Z", "legacy_version": "1.5", "number": "6", "summary": "Added newly published upstream vulnerabilities CVE-2025-22254 and CVE-2025-22251" }, { "date": "2025-08-12T00:00:00Z", "legacy_version": "1.6", "number": "7", "summary": "Added newly published upstream vulnerability CVE-2024-52965" } ], "status": "final", "version": "7" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM APE1808", "product_id": "1" } }, { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM APE1808", "product_id": "2" } }, { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM APE1808", "product_id": "3" } }, { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "RUGGEDCOM APE1808", "product_id": "4" } } ], "category": "product_name", "name": "RUGGEDCOM APE1808" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-42475", "cwe": { "id": "CWE-197", "name": "Numeric Truncation Error" }, "notes": [ { "category": "summary", "text": "A heap-based buffer overflow vulnerability [CWE-122]\u00a0in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.", "title": "Summary" } ], "product_status": { "known_affected": [ "2" ] }, "remediations": [ { "category": "mitigation", "details": "Refer to Fortinet Blog for mitigation measures \nhttps://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity", "product_ids": [ "2" ] }, { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "2" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "2" ] } ], "title": "CVE-2022-42475" }, { "cve": "CVE-2023-27997", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.", "title": "Summary" } ], "product_status": { "known_affected": [ "2" ] }, "remediations": [ { "category": "mitigation", "details": "Refer to Fortinet Blog for mitigation measures \nhttps://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity", "product_ids": [ "2" ] }, { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "2" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "2" ] } ], "title": "CVE-2023-27997" }, { "cve": "CVE-2024-3596", "cwe": { "id": "CWE-924", "name": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel" }, "notes": [ { "category": "summary", "text": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify responses Access-Reject or Access-Accept using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "title": "Summary" } ], "product_status": { "known_affected": [ "4" ] }, "remediations": [ { "category": "mitigation", "details": "Use RADIUS over TLS (aka RADSEC) (\nhttps://fortiguard.fortinet.com/psirt/FG-IR-24-255)", "product_ids": [ "4" ] }, { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "4" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.0, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "4" ] } ], "title": "CVE-2024-3596" }, { "cve": "CVE-2024-21762", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "summary", "text": "A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests", "title": "Summary" } ], "product_status": { "known_affected": [ "2" ] }, "remediations": [ { "category": "mitigation", "details": "Refer to Fortinet Blog for mitigation measures \nhttps://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity", "product_ids": [ "2" ] }, { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "2" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "2" ] } ], "title": "CVE-2024-21762" }, { "cve": "CVE-2024-26013", "cwe": { "id": "CWE-923", "name": "Improper Restriction of Communication Channel to Intended Endpoints" }, "notes": [ { "category": "summary", "text": "A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-26013" }, { "cve": "CVE-2024-35279", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "A stack-based buffer overflow vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "mitigation", "details": "For each interface, remove the fabric service or block CAPWAP-CONTROL access to port 5246 through a local-in policy (see \nhttps://fortiguard.fortinet.com/psirt/FG-IR-24-160)", "product_ids": [ "1" ] }, { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-35279" }, { "cve": "CVE-2024-36504", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-36504" }, { "cve": "CVE-2024-40591", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "notes": [ { "category": "summary", "text": "An incorrect privilege assignment vulnerability in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access profile has the Security Fabric permission to escalate their privileges to super-admin by connecting the targetted FortiGate to a malicious upstream FortiGate they control.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-40591" }, { "cve": "CVE-2024-45324", "cwe": { "id": "CWE-134", "name": "Use of Externally-Controlled Format String" }, "notes": [ { "category": "summary", "text": "A use of externally-controlled format string vulnerability in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-45324" }, { "cve": "CVE-2024-46665", "cwe": { "id": "CWE-201", "name": "Insertion of Sensitive Information Into Sent Data" }, "notes": [ { "category": "summary", "text": "An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-46665" }, { "cve": "CVE-2024-46666", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "summary", "text": "An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-46666" }, { "cve": "CVE-2024-46668", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "summary", "text": "An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-46668" }, { "cve": "CVE-2024-46669", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "summary", "text": "An\u00a0Integer Overflow or Wraparound vulnerability in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-46669" }, { "cve": "CVE-2024-46670", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "An\u00a0Out-of-bounds Read vulnerability in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-46670" }, { "cve": "CVE-2024-48884", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "notes": [ { "category": "summary", "text": "A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to trigger an escalation of privilege via specially crafted packets.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-48884" }, { "cve": "CVE-2024-48885", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "notes": [ { "category": "summary", "text": "A improper limitation of a pathname to a restricted directory (\u0027path traversal\u0027) in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-48885" }, { "cve": "CVE-2024-48886", "cwe": { "id": "CWE-1390", "name": "Weak Authentication" }, "notes": [ { "category": "summary", "text": "A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.0, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-48886" }, { "cve": "CVE-2024-50563", "cwe": { "id": "CWE-1390", "name": "Weak Authentication" }, "notes": [ { "category": "summary", "text": "A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-50563" }, { "cve": "CVE-2024-50565", "cwe": { "id": "CWE-300", "name": "Channel Accessible by Non-Endpoint" }, "notes": [ { "category": "summary", "text": "A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-50565" }, { "cve": "CVE-2024-52965", "cwe": { "id": "CWE-304", "name": "Missing Critical Step in Authentication" }, "notes": [ { "category": "summary", "text": "A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 \u0026 FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user using api-key + PKI user certificate authentication to login even if the certificate is invalid.", "title": "Summary" } ], "product_status": { "known_affected": [ "4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "4" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RC:C", "version": "3.1" }, "products": [ "4" ] } ], "title": "CVE-2024-52965" }, { "cve": "CVE-2024-54021", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "notes": [ { "category": "summary", "text": "An improper neutralization of crlf sequences in http headers (\u0027http response splitting\u0027) in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header.", "title": "Summary" } ], "product_status": { "known_affected": [ "1" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "1" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "1" ] } ], "title": "CVE-2024-54021" }, { "cve": "CVE-2025-22251", "cwe": { "id": "CWE-923", "name": "Improper Restriction of Communication Channel to Intended Endpoints" }, "notes": [ { "category": "summary", "text": "An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets.", "title": "Summary" } ], "product_status": { "known_affected": [ "4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "4" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RC:C", "version": "3.1" }, "products": [ "4" ] } ], "title": "CVE-2025-22251" }, { "cve": "CVE-2025-22252", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "summary", "text": "A missing authentication for critical function vulnerability in FortiOS, FortiProxy, and FortiSwitchManager TACACS+ configured to use a remote TACACS+ server for authentication, that has itself been configured to use ASCII authentication may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass.", "title": "Summary" } ], "product_status": { "known_affected": [ "3" ] }, "remediations": [ { "category": "mitigation", "details": "Use alternate authentication mechanism such as PAP, MSCHAP, and CHAP configurations other than ASCII authentication (see \nhttps://www.fortiguard.com/psirt/FG-IR-24-472)", "product_ids": [ "3" ] }, { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "3" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "3" ] } ], "title": "CVE-2025-22252" }, { "cve": "CVE-2025-22254", "cwe": { "id": "CWE-269", "name": "Improper Privilege Management" }, "notes": [ { "category": "summary", "text": "An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7 \u0026 FortiWeb version 7.6.0 through 7.6.1 and before 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to\u00a0Node.js websocket module.", "title": "Summary" } ], "product_status": { "known_affected": [ "4" ] }, "remediations": [ { "category": "vendor_fix", "details": "Update Fortigate NGFW to V7.4.7. Contact customer support to receive patch and update information", "product_ids": [ "4" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C", "version": "3.1" }, "products": [ "4" ] } ], "title": "CVE-2025-22254" } ] }
ghsa-8ccx-r52j-39f8
Vulnerability from github
A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface.
{ "affected": [], "aliases": [ "CVE-2024-35279" ], "database_specific": { "cwe_ids": [ "CWE-121" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-02-11T17:15:22Z", "severity": "HIGH" }, "details": "A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface.", "id": "GHSA-8ccx-r52j-39f8", "modified": "2025-02-11T18:31:34Z", "published": "2025-02-11T18:31:34Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35279" }, { "type": "WEB", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-160" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
ncsc-2025-0059
Vulnerability from csaf_ncscnl
Notes
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Fortinet heeft een kwetsbaarheid verholpen in FortiOS (Specifiek voor versies 7.2.4 tot 7.2.8 en 7.4.0 tot 7.4.4).", "title": "Feiten" }, { "category": "description", "text": "De kwetsbaarheid bevindt zich in de manier waarop FortiOS omgaat met UDP-pakketten. Een kwaadwillende kan, indien de stackbescherming wordt omzeild en de fabric-service actief is op de blootgestelde interface, willekeurige code uitvoeren. Een soortgelijke kwetsbaarheid is aanwezig in de FortiOS CAPWAP-controle, die dezelfde soort externe code-executie mogelijk maakt onder dezelfde voorwaarden.", "title": "Interpretaties" }, { "category": "description", "text": "Fortinet heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Stack-based Buffer Overflow", "title": "CWE-121" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference - cveprojectv5; nvd", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-160" } ], "title": "Kwetsbaarheid verholpen in Fortinet FortiOS", "tracking": { "current_release_date": "2025-02-13T09:29:35.625977Z", "id": "NCSC-2025-0059", "initial_release_date": "2025-02-13T09:29:35.625977Z", "revision_history": [ { "date": "2025-02-13T09:29:35.625977Z", "number": "0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "fortios", "product": { "name": "fortios", "product_id": "CSAFPID-113752", "product_identification_helper": { "cpe": "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "fortios", "product": { "name": "fortios", "product_id": "CSAFPID-168716", "product_identification_helper": { "cpe": "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "fortios", "product": { "name": "fortios", "product_id": "CSAFPID-265688", "product_identification_helper": { "cpe": "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "fortios", "product": { "name": "fortios", "product_id": "CSAFPID-265687", "product_identification_helper": { "cpe": "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "fortios", "product": { "name": "fortios", "product_id": "CSAFPID-265686", "product_identification_helper": { "cpe": "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "fortios", "product": { "name": "fortios", "product_id": "CSAFPID-265685", "product_identification_helper": { "cpe": "cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "fortios", "product": { "name": "fortios", "product_id": "CSAFPID-599108", "product_identification_helper": { "cpe": "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "fortios", "product": { "name": "fortios", "product_id": "CSAFPID-707018", "product_identification_helper": { "cpe": "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "fortios", "product": { "name": "fortios", "product_id": "CSAFPID-832162", "product_identification_helper": { "cpe": "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "fortios", "product": { "name": "fortios", "product_id": "CSAFPID-1445936", "product_identification_helper": { "cpe": "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "fortios", "product": { "name": "fortios", "product_id": "CSAFPID-1749569", "product_identification_helper": { "cpe": "cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*" } } } ], "category": "vendor", "name": "fortinet" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-35279", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Stack-based Buffer Overflow", "title": "CWE-121" } ], "product_status": { "known_affected": [ "CSAFPID-113752", "CSAFPID-168716", "CSAFPID-265688", "CSAFPID-265687", "CSAFPID-265686", "CSAFPID-265685", "CSAFPID-599108", "CSAFPID-707018", "CSAFPID-832162", "CSAFPID-1445936", "CSAFPID-1749569" ] }, "references": [ { "category": "self", "summary": "CVE-2024-35279", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35279.json" } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C", "version": "3.1" }, "products": [ "CSAFPID-113752", "CSAFPID-168716", "CSAFPID-265688", "CSAFPID-265687", "CSAFPID-265686", "CSAFPID-265685", "CSAFPID-599108", "CSAFPID-707018", "CSAFPID-832162", "CSAFPID-1445936", "CSAFPID-1749569" ] } ], "title": "CVE-2024-35279" } ] }
cnvd-2025-03518
Vulnerability from cnvd
Title: Fortinet FortiOS缓冲区溢出漏洞(CNVD-2025-03518)
Description:
Fortinet FortiOS是美国飞塔(Fortinet)公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。
Fortinet FortiOS存在缓冲区溢出漏洞,该漏洞源于应用在处理不受信任的输入时出现边界错误。远程攻击者可利用该漏洞在系统上执行任意代码或者导致拒绝服务攻击。
Severity: 高
Patch Name: Fortinet FortiOS缓冲区溢出漏洞(CNVD-2025-03518)的补丁
Patch Description:
Fortinet FortiOS是美国飞塔(Fortinet)公司的一套专用于FortiGate网络安全平台上的安全操作系统。该系统为用户提供防火墙、防病毒、IPSec/SSLVPN、Web内容过滤和反垃圾邮件等多种安全功能。
Fortinet FortiOS存在缓冲区溢出漏洞,该漏洞源于应用在处理不受信任的输入时出现边界错误。远程攻击者可利用该漏洞在系统上执行任意代码或者导致拒绝服务攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布了漏洞修复程序,请及时关注更新: https://fortiguard.com/psirt/FG-IR-24-160
Reference: https://fortiguard.fortinet.com/psirt/FG-IR-24-160
Name | ['Fortinet FortiOS >=7.2.4,<=7.2.8', 'Fortinet FortiOS >=7.4.0,<=7.4.4'] |
---|
{ "cves": { "cve": { "cveNumber": "CVE-2024-35279", "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-35279" } }, "description": "Fortinet FortiOS\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8eFortiGate\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u4e0a\u7684\u5b89\u5168\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3a\u7528\u6237\u63d0\u4f9b\u9632\u706b\u5899\u3001\u9632\u75c5\u6bd2\u3001IPSec/SSLVPN\u3001Web\u5185\u5bb9\u8fc7\u6ee4\u548c\u53cd\u5783\u573e\u90ae\u4ef6\u7b49\u591a\u79cd\u5b89\u5168\u529f\u80fd\u3002\n\nFortinet FortiOS\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u5728\u5904\u7406\u4e0d\u53d7\u4fe1\u4efb\u7684\u8f93\u5165\u65f6\u51fa\u73b0\u8fb9\u754c\u9519\u8bef\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u8005\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002", "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://fortiguard.com/psirt/FG-IR-24-160", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2025-03518", "openTime": "2025-02-24", "patchDescription": "Fortinet FortiOS\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u7528\u4e8eFortiGate\u7f51\u7edc\u5b89\u5168\u5e73\u53f0\u4e0a\u7684\u5b89\u5168\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u4e3a\u7528\u6237\u63d0\u4f9b\u9632\u706b\u5899\u3001\u9632\u75c5\u6bd2\u3001IPSec/SSLVPN\u3001Web\u5185\u5bb9\u8fc7\u6ee4\u548c\u53cd\u5783\u573e\u90ae\u4ef6\u7b49\u591a\u79cd\u5b89\u5168\u529f\u80fd\u3002\r\n\r\nFortinet FortiOS\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u5728\u5904\u7406\u4e0d\u53d7\u4fe1\u4efb\u7684\u8f93\u5165\u65f6\u51fa\u73b0\u8fb9\u754c\u9519\u8bef\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u8005\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "Fortinet FortiOS\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2025-03518\uff09\u7684\u8865\u4e01", "products": { "product": [ "Fortinet FortiOS \u003e=7.2.4\uff0c\u003c=7.2.8", "Fortinet FortiOS \u003e=7.4.0\uff0c\u003c=7.4.4" ] }, "referenceLink": "https://fortiguard.fortinet.com/psirt/FG-IR-24-160", "serverity": "\u9ad8", "submitTime": "2025-02-17", "title": "Fortinet FortiOS\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2025-03518\uff09" }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.