CVE-2024-46669

An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-267	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

History

31 Jan 2025, 16:11

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de desbordamiento de enteros o de envoltura [CWE-190] en la versión 7.4.4 y anteriores, la versión 7.2.10 y anteriores; el servicio IKE IPsec del inquilino FortiOS de FortiSASE versión 23.4.b puede permitir que un atacante autenticado bloquee el túnel IPsec a través de solicitudes manipuladas, lo que resulta en una posible denegación de servicio.
First Time		Fortinet Fortinet fortios
CPE		cpe:2.3:o:fortinet:fortios::::::::
References	~~() https://fortiguard.fortinet.com/psirt/FG-IR-24-267 -~~	() https://fortiguard.fortinet.com/psirt/FG-IR-24-267 - Vendor Advisory

14 Jan 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-14 14:15

Updated : 2025-01-31 16:11

NVD link : CVE-2024-46669

Mitre link : CVE-2024-46669

CVE.ORG link : CVE-2024-46669

JSON object : View

Products Affected

fortinet

fortios

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2024-46669", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-01-14T14:15:32.100", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-267", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "An\u00a0Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service."}, {"lang": "es", "value": "Una vulnerabilidad de desbordamiento de enteros o de envoltura [CWE-190] en la versi\u00f3n 7.4.4 y anteriores, la versi\u00f3n 7.2.10 y anteriores; el servicio IKE IPsec del inquilino FortiOS de FortiSASE versi\u00f3n 23.4.b puede permitir que un atacante autenticado bloquee el t\u00fanel IPsec a trav\u00e9s de solicitudes manipuladas, lo que resulta en una posible denegaci\u00f3n de servicio."}], "lastModified": "2025-01-31T16:11:27.577", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "848B95D5-3792-4B4A-A3AF-B4D72569D4D0", "versionEndExcluding": "7.4.5", "versionStartIncluding": "7.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}