Stack-based Buffer Overflow in Fortinet Products
CVE-2024-26010

6.7MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortipam; Fortiswitchmanager; FortiOS; Fortiproxy
Vendor: CVE Published:; 11 June 2024

What is CVE-2024-26010?

The stack-based buffer overflow vulnerability reported in various versions of Fortinet products allows attackers to exploit the flaw by sending specially crafted packets. This could potentially lead to execution of unauthorized code or commands within the affected systems, presenting significant security implications for users relying on Fortinet's software solutions. Specific products impacted include FortiPAM, FortiWeb, FortiAuthenticator, FortiSwitchManager, FortiOS, and FortiProxy across multiple versions, thereby necessitating immediate attention and remedial actions by users to safeguard their environments.

Affected Version(s)

FortiOS 7.4.0 <= 7.4.3

FortiOS 7.2.0 <= 7.2.7

FortiOS 7.0.0 <= 7.0.14

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-036

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
Feb 14, 2024