CVE-2024-35276

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-35276
A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets.

5.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-165 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*
History

31 Jan 2025, 17:04

Type Values Removed Values Added
CPE cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
First Time Fortinet fortianalyzer Cloud
Fortinet fortimanager Cloud
Fortinet fortianalyzer
Fortinet
Fortinet fortimanager
Summary
  • (es) Un desbordamiento de búfer basado en pila en Fortinet FortiAnalyzer versiones 7.4.0 a 7.4.3, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, FortiManager versiones 7.4.0 a 7.4.3, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, FortiManager Cloud versiones 7.4.1 a 7.4.3, 7.2.1 a 7.2.5, 7.0.1 a 7.0.11, 6.4.1 a 6.4.7, FortiAnalyzer Cloud versiones 7.4.1 a 7.4.3, 7.2.1 a 7.2.5, 7.0.1 ...2, 6.4.0 a 6.4.14, FortiManager Cloud versiones 7.4.1 a 7.4.3, 7.2.1 a 7.2.5, 7.0.1 a 7.0.12, 7.0.11, 6.4.1 a 6.4.7 permite a los atacantes ejecutar código o comandos no autorizados a través de paquetes especialmente manipulados.
CWE CWE-787
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-165 - () https://fortiguard.fortinet.com/psirt/FG-IR-24-165 - Vendor Advisory

14 Jan 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-14 14:15

Updated : 2025-01-31 17:04

NVD link : CVE-2024-35276

Mitre link : CVE-2024-35276

CVE.ORG link : CVE-2024-35276

JSON object : View

Products Affected

fortinet

  • fortianalyzer
  • fortimanager
  • fortianalyzer_cloud
  • fortimanager_cloud
CWE
CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write