PT-2024-10211 · Fortinet · Fortios

Published 2024-09-11 · Updated 2025-01-15 · CVE-2024-46668

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

FortiOS versions 6.4.0 through 6.4.15
FortiOS versions 7.0.0 through 7.0.15
FortiOS versions 7.2.0 through 7.2.8
FortiOS versions 7.4.0 through 7.4.4

Description

The issue is related to an allocation of resources without limits or throttling, which may allow an unauthenticated remote user to consume all system memory via multiple large file uploads. This can impact the availability of protected information.

Recommendations

For FortiOS versions 6.4.0 through 6.4.15, update to a version that includes a fix for this issue.
For FortiOS versions 7.0.0 through 7.0.15, update to a version that includes a fix for this issue.
For FortiOS versions 7.2.0 through 7.2.8, update to a version that includes a fix for this issue.
For FortiOS versions 7.4.0 through 7.4.4, update to a version that includes a fix for this issue.

As a temporary workaround, consider restricting access to FortiOS API endpoints that may be vulnerable to large file uploads until a patch is available.

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2025-00541
CVE-2024-46668

Affected Products

Fortios