CVE-2024-26010
Severity CVSS v4.0:
Pending analysis
Type:
CWE-121
Stack-based Buffer Overflow
Publication date:
11/06/2024
Last modified:
11/12/2024
Description
A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specially crafted packets.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 6.0.0 (including) | 7.0.15 (excluding) |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 7.2.0 (including) | 7.2.8 (excluding) |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* | 7.4.0 (including) | 7.4.4 (excluding) |
| cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:* | 1.0.0 (including) | 1.3.0 (including) |
| cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* | 1.0.0 (including) | 7.0.17 (excluding) |
| cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* | 7.2.0 (including) | 7.2.10 (excluding) |
| cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* | 7.4.0 (including) | 7.4.4 (excluding) |
| cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:* | 7.0.1 (including) | 7.0.4 (excluding) |
| cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:* | 7.2.0 (including) | 7.2.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page