Severity
Low
Analysis Summary
CVE-2024-46669 CVSS:3.5
An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.
CVE-2024-55593 CVSS:2.7
Fortinet FortiWeb is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to view, add, modify or delete information in the back-end database.
CVE-2024-52963 CVSS:3.5
A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.
Impact
- Denial of Service
- Data Manipulation
Indicators of Compromise
CVE
CVE-2024-46669
CVE-2024-55593
CVE-2024-52963
Affected Vendors
Affected Products
- Fortinet FortiWeb 6.4.0
- Fortinet FortiWeb 7.0.0
- Fortinet FortiWeb 6.3.6
- Fortinet FortiOS - 7.6.0 - 7.4.0 - 7.2.0 - 7.0.0 - 6.4.0
- Fortinet FortiProxy - 7.4.0 - 7.2.0 - 7.0.0 - 2.0.0
- Fortinet FortiOS - 7.4.0
- Fortinet FortiOS - 7.2.0
- Fortinet FortiOS - 7.2.10
- Fortinet FortiOS - 7.4.4
- Fortinet FortiWeb 6.3.23
- Fortinet FortiPAM - 1.4.0 - 1.3.0 - 1.2.0 - 1.1.0 - 1.0.0
Remediation
Upgrade to the latest version, available from the Fortinet Security advisory.