PT-2024-24120 · Fortinet · Fortianalyzer+2
Published
2024-11-12
·
Updated
2025-01-21
·
CVE-2024-31496
CVSS v2.0
6.8
Medium
| Vector | AV:L/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
FortiManager versions 7.4.0 through 7.4.2 and before 7.2.5
FortiAnalyzer versions 7.4.0 through 7.4.2 and before 7.2.5
FortiAnalyzer-BigData versions 7.4.0 and before 7.2.7
Description
A stack-based buffer overflow in the CLI allows an attacker who already holds a privileged (authenticated) administrator account to execute unauthorized code or commands by submitting a crafted CLI request. The bug is reached through the command-line interface rather than an unauthenticated network service, which is why the CVSS v2 vector above scores it as local access with single authentication; the impact on confidentiality, integrity and availability is still rated complete, since code runs with the privileges of the management daemon.
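The advisory gives no detail about the affected parser, so the following is an added illustration of the weakness class only (hypothetical code written for this page, not Fortinet's): a CLI handler that copies a command argument into a fixed-size stack buffer without a length check, next to a hardened form that bounds the scan and rejects oversized input, plus a classifier that tells whether a given request would have overflowed the vulnerable handler without actually running it. The command name `set hostname`, the buffer size of 64 bytes and the sample requests are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define HOSTNAME_MAX 64               /* size of the fixed stack buffer (assumed) */
#define CMD_PREFIX   "set hostname "  /* hypothetical CLI command */

/* Constructed sample requests. EDGE_REQUEST carries 63 characters, the longest
   value that still fits with its terminating NUL; CRAFTED_REQUEST carries 80. */
static const char EDGE_REQUEST[] =
    CMD_PREFIX "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"
               "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAA";
static const char CRAFTED_REQUEST[] =
    CMD_PREFIX "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"
               "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA";

/* Vulnerable pattern: the value is copied into a fixed-size stack buffer
   without any length check, so a value of HOSTNAME_MAX bytes or more runs
   past the buffer into the saved frame. Returns the value length, or -1 if
   the line is not a "set hostname" command. Hypothetical code, not Fortinet's;
   only safe to call with values shorter than HOSTNAME_MAX. */
int handle_set_hostname_vulnerable(const char *line)
{
    char hostname[HOSTNAME_MAX];

    if (strncmp(line, CMD_PREFIX, strlen(CMD_PREFIX)) != 0)
        return -1;
    strcpy(hostname, line + strlen(CMD_PREFIX));   /* unbounded copy */
    return (int)strlen(hostname);
}

/* Hardened form: bound the scan to the buffer size, reject a value that is
   empty or leaves no room for the NUL terminator, then copy exactly that
   many bytes. Returns the accepted length, or -1 on malformed/oversized input. */
int handle_set_hostname_safe(const char *line)
{
    char hostname[HOSTNAME_MAX];
    const char *value, *nul;
    size_t len;

    if (strncmp(line, CMD_PREFIX, strlen(CMD_PREFIX)) != 0)
        return -1;
    value = line + strlen(CMD_PREFIX);
    nul = memchr(value, '\0', HOSTNAME_MAX);   /* never scan past the buffer size */
    if (nul == NULL)                           /* no NUL within HOSTNAME_MAX bytes: too long */
        return -1;
    len = (size_t)(nul - value);
    if (len == 0)
        return -1;
    memcpy(hostname, value, len);
    hostname[len] = '\0';
    return (int)len;
}

/* Classifies a request without touching the vulnerable handler: 1 if the
   value would overflow the fixed buffer, 0 if it fits, -1 if malformed. */
int request_would_overflow(const char *line)
{
    if (strncmp(line, CMD_PREFIX, strlen(CMD_PREFIX)) != 0)
        return -1;
    return strlen(line + strlen(CMD_PREFIX)) >= HOSTNAME_MAX ? 1 : 0;
}

int main(void)
{
    const char *benign = "set hostname fw-edge-01";

    printf("benign : overflow=%d safe=%d\n",
           request_would_overflow(benign), handle_set_hostname_safe(benign));
    printf("edge   : overflow=%d safe=%d\n",
           request_would_overflow(EDGE_REQUEST), handle_set_hostname_safe(EDGE_REQUEST));
    printf("crafted: overflow=%d safe=%d\n",
           request_would_overflow(CRAFTED_REQUEST), handle_set_hostname_safe(CRAFTED_REQUEST));
    /* handle_set_hostname_vulnerable(CRAFTED_REQUEST) is deliberately not called:
       it would corrupt this frame. */
    return 0;
}
```

The hardened handler uses `memchr` bounded to the buffer size rather than `strlen` on the attacker-controlled value, so even a value with no terminator inside the first 64 bytes is rejected without reading further. The same shape (check the length against the destination before copying, treat "does not fit" as a hard error rather than truncating) is the fix for any handler of this class; silently truncating with `strncpy` hides the problem instead of reporting it.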
Recommendations
For FortiManager, upgrade the 7.2 branch to 7.2.5 or later and the 7.4 branch to a release later than 7.4.2 (the first versions outside the affected ranges listed above).
For FortiAnalyzer, upgrade the 7.2 branch to 7.2.5 or later and the 7.4 branch to a release later than 7.4.2.
For FortiAnalyzer-BigData, upgrade the 7.2 branch to 7.2.7 or later and move 7.4.0 installations to a later 7.4 release.
Until the upgrade is applied, reduce exposure by restricting CLI access: allow administrative logins (console and SSH) only from trusted management hosts, and keep the number of privileged administrator accounts to a minimum, since exploitation requires such an account.
Fix
Vendor fix: see the version recommendations above.
Categories: Memory Corruption · Stack Overflow
Related Identifiers
CVE-2024-31496
Affected Products
FortiAnalyzer
FortiAnalyzer-BigData
FortiManager