Description
An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
E
X
RL
X
RC
X
Affected products
- fortinet / FortiOS7.6.0 – 7.6.0
- fortinet / FortiOS7.4.4 – 7.4.4
- fortinet / FortiOS7.4.3 – 7.4.3
- fortinet / FortiOS7.4.2 – 7.4.2
- fortinet / FortiOS7.4.1 – 7.4.1
- fortinet / FortiOS7.4.0 – 7.4.0
- fortinet / FortiOS7.2.9 – 7.2.9
- fortinet / FortiOS7.2.8 – 7.2.8
- fortinet / FortiOS7.2.7 – 7.2.7
- fortinet / FortiOS7.2.6 – 7.2.6
- fortinet / FortiOS7.2.5 – 7.2.5
- fortinet / FortiOS7.2.4 – 7.2.4
- fortinet / FortiOS7.2.3 – 7.2.3
- fortinet / FortiOS7.2.2 – 7.2.2
- fortinet / FortiOS7.2.1 – 7.2.1
- fortinet / FortiOS7.2.0 – 7.2.0
- fortinet / fortipam1.0.0 – 1.0.0
- fortinet / fortipam1.1.0 – 1.1.0
- fortinet / fortipam1.0.3 – 1.0.3
- fortinet / fortipam1.0.2 – 1.0.2
- fortinet / fortipam1.0.1 – 1.0.1
- fortinet / fortipam1.4.1 – 1.4.1
- fortinet / fortipam1.4.0 – 1.4.0
- fortinet / fortipam1.3.0 – 1.3.0
- fortinet / fortipam1.2.0 – 1.2.0
- fortinet / fortipam1.1.2 – 1.1.2
- fortinet / fortipam1.1.1 – 1.1.1
- fortinet / fortiproxy7.2.0 – 7.2.11
- fortinet / fortiproxy7.0.0 – 7.0.18
- fortinet / fortiproxy2.0.0 – 2.0.14
- fortinet / fortiproxy7.4.0 – 7.4.5
References
- VENDOR_ADVISORYhttps://fortiguard.fortinet.com/psirt/FG-IR-24-266