Stack-based Buffer Overflow in Fortinet Products
CVE-2024-26010

7.5 HIGH

Key Information:

Vendor: Fortinet
CVE Published: 11 June 2024

Summary

A stack-based buffer overflow in multiple versions of Fortinet products can be triggered by an attacker sending specially crafted packets. This could lead to execution of unauthorized code or commands on the affected system. Impacted products include FortiPAM, FortiWeb, FortiAuthenticator, FortiSwitchManager, FortiOS, and FortiProxy across multiple versions, so users of these products need to give the issue immediate attention and take remedial action.

Affected Version(s)

FortiOS 7.4.0 <= 7.4.3

FortiOS 7.2.0 <= 7.2.7

FortiOS 7.0.0 <= 7.0.14

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
