
Multiple Fortinet Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-46668 CVSS:7.1

An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads.

CVE-2024-35273 CVSS:7

An out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2 and FortiAnalyzer version 7.4.0 through 7.4.2 allows an attacker to escalate privileges via specially crafted HTTP requests.

CVE-2024-48884 CVSS:7.1

An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiRecorder versions.

CVE-2023-37936 CVSS:9.6

A use of a hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows an attacker to execute unauthorized code or commands via crafted requests.

CVE-2024-48886 CVSS:8

A weak authentication vulnerability in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows an attacker to execute unauthorized code or commands via a brute-force attack.

CVE-2024-27778 CVSS:8.3

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in Fortinet FortiSandbox versions 4.4.0 through 4.4.4, 4.2.0 through 4.2.6, and versions below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.

CVE-2024-35277 CVSS:8.4

A missing authentication for critical function vulnerability in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to access the configuration of the managed devices by sending specifically crafted packets.

Impact

  • Privilege Escalation
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2024-46668

  • CVE-2024-35273

  • CVE-2024-48884

  • CVE-2023-37936

  • CVE-2024-48886

  • CVE-2024-27778

  • CVE-2024-35277

Affected Vendors

Fortinet

Affected Products

  • Fortinet FortiAnalyzer - 7.4.0
  • Fortinet FortiManager - 7.4.0
  • Fortinet FortiOS - 7.4.0 - 7.2.0 - 7.0.0 - 6.4.0
  • Fortinet FortiManager - 7.6.0 - 7.4.1
  • Fortinet FortiOS - 7.6.0 - 7.4.0 - 7.2.0 - 7.0.0 - 6.4.0
  • Fortinet FortiProxy - 7.4.0 - 7.2.0 - 7.0.0 - 2.0.0 - 1.2.0 - 1.1.0 - 1.0.0
  • Fortinet FortiSwitch - 7.4.0 - 7.2.0 - 7.0.0 - 6.4.0 - 6.2.0 - 6.0.0
  • Fortinet FortiSandbox - 4.4.0 - 4.2.0 - 4.0.0 - 3.2.0 - 3.1.0 - 3.0.5
  • Fortinet FortiManager - 7.4.0 - 7.2.0 - 7.0.0 - 6.4.0

Remediation

Refer to Fortinet Security Advisory for patch, upgrade, or suggested workaround information.

CVE-2024-46668

CVE-2024-35273

CVE-2024-48884

CVE-2023-37936

CVE-2024-48886

CVE-2024-27778

CVE-2024-35277