June 30, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Jenkins Plugins Vulnerabilities
March 10, 2025Multiple Apple Products Vulnerabilities
March 10, 2025Multiple Jenkins Plugins Vulnerabilities
March 10, 2025Multiple Apple Products Vulnerabilities
March 10, 2025
Severity
Low
Analysis Summary
CVE-2024-46669 CVSS:3.5
An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.
CVE-2024-55593 CVSS:2.7
Fortinet FortiWeb is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to view, add, modify or delete information in the back-end database.
CVE-2024-52963 CVSS:3.5
A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.
Impact
- Denial of Service
- Data Manipulation
Indicators of Compromise
CVE
CVE-2024-46669
CVE-2024-55593
CVE-2024-52963
Affected Vendors
Fortinet
Affected Products
- Fortinet FortiWeb 6.4.0
- Fortinet FortiWeb 7.0.0
- Fortinet FortiWeb 6.3.6
- Fortinet FortiOS - 7.6.0 - 7.4.0 - 7.2.0 - 7.0.0 - 6.4.0
- Fortinet FortiProxy - 7.4.0 - 7.2.0 - 7.0.0 - 2.0.0
- Fortinet FortiOS - 7.4.0
- Fortinet FortiOS - 7.2.0
- Fortinet FortiOS - 7.2.10
- Fortinet FortiOS - 7.4.4
- Fortinet FortiWeb 6.3.23
- Fortinet FortiPAM - 1.4.0 - 1.3.0 - 1.2.0 - 1.1.0 - 1.0.0
Remediation
Upgrade to the latest version, available from the Fortinet Security advisory.