March 24, 2025

March 24, 2025

Critical Chrome Vulnerability Allows Attackers to Execute Arbitrary Code

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 24, 2025

Multiple GitLab Products Vulnerabilities

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 24, 2025

SvcStealer Malware Targeting Users to Extract Sensitive Data from Browsers and Applications – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 24, 2025

Critical Chrome Vulnerability Allows Attackers to Execute Arbitrary Code

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 24, 2025

Multiple GitLab Products Vulnerabilities

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 24, 2025

SvcStealer Malware Targeting Users to Extract Sensitive Data from Browsers and Applications – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

Multiple Jenkins Plugins Vulnerabilities

March 10, 2025

Multiple Apple Products Vulnerabilities

March 10, 2025

Multiple Fortinet Products Vulnerabilities

March 10, 2025

Severity

Low

Analysis Summary

CVE-2024-46669 CVSS:3.5

An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.

CVE-2024-55593 CVSS:2.7

Fortinet FortiWeb is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to view, add, modify or delete information in the back-end database.

CVE-2024-52963 CVSS:3.5

A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.

Impact

Denial of Service
Data Manipulation

Indicators of Compromise

CVE

CVE-2024-46669
CVE-2024-55593
CVE-2024-52963

Affected Vendors

Fortinet

Affected Products

Fortinet FortiWeb 6.4.0
Fortinet FortiWeb 7.0.0
Fortinet FortiWeb 6.3.6
Fortinet FortiOS - 7.6.0 - 7.4.0 - 7.2.0 - 7.0.0 - 6.4.0
Fortinet FortiProxy - 7.4.0 - 7.2.0 - 7.0.0 - 2.0.0
Fortinet FortiOS - 7.4.0
Fortinet FortiOS - 7.2.0
Fortinet FortiOS - 7.2.10
Fortinet FortiOS - 7.4.4
Fortinet FortiWeb 6.3.23
Fortinet FortiPAM - 1.4.0 - 1.3.0 - 1.2.0 - 1.1.0 - 1.0.0

Remediation

Upgrade to the latest version, available from the Fortinet Security advisory.

CVE-2024-46669

CVE-2024-55593

CVE-2024-52963

Platform

Managed Security Services

Assess

Transform

Train

Respond

Resources

Threat Insights

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Assess

Transform

Train

Respond

Resources

Threat Insights

Our Leadership

CSR

Connect with Us

Multiple Jenkins Plugins Vulnerabilities

Multiple Apple Products Vulnerabilities

Multiple Jenkins Plugins Vulnerabilities

Multiple Apple Products Vulnerabilities

Severity

Low

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation