Remote Code Execution Vulnerability in Fortinet FortiOS
CVE-2024-35279

7.7HIGH

Key Information:

Vendor: Fortinet
Status: FortiOS
Vendor: CVE Published:; 11 February 2025

Summary

A stack-based buffer overflow vulnerability exists in Fortinet FortiOS versions 7.2.4 to 7.2.8 and 7.4.0 to 7.4.4. This issue allows remote unauthenticated attackers to execute arbitrary code or commands by sending specially crafted UDP packets through the CAPWAP control. The attacker can exploit this vulnerability if they evade the stack protections of FortiOS and if the fabric service is active on the exposed interface. It is crucial for users to update to the latest versions to mitigate this risk.

Affected Version(s)

FortiOS 7.4.0 <= 7.4.4

FortiOS 7.2.4 <= 7.2.8

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-160

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
May 14, 2024