CVE-2024-46666

An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-250

Configurations

No configuration.

History

27 Jan 2025, 18:15

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de asignación de recursos sin límites ni limitación [CWE-770] en FortiOS versiones 7.6.0, versiones 7.4.4 a 7.4.0, 7.2 todas las versiones, 7.0 todas las versiones, 6.4 todas las versiones puede permitir que un atacante remoto no autenticado evite el acceso a la GUI a través de solicitudes especialmente manipuladas dirigidas a Endpoints específicos.

14 Jan 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-14 14:15

Updated : 2025-02-18 22:15

NVD link : CVE-2024-46666

Mitre link : CVE-2024-46666

CVE.ORG link : CVE-2024-46666

JSON object : View

Products Affected

No product.

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

5.3 /10