PT-2025-2437 · Fortinet · FortiAnalyzer, FortiManager

Published: 2025-01-14 · Updated: 2025-01-15 · CVE-2024-35273

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Fortinet FortiManager versions 7.4.0 through 7.4.2
Fortinet FortiAnalyzer versions 7.4.0 through 7.4.2

Description: The issue is an out-of-bounds write that allows an attacker to escalate privileges via specially crafted HTTP requests. This can potentially enable a remote attacker to execute arbitrary code or commands.

Recommendations: For Fortinet FortiManager versions 7.4.0 through 7.4.2, consider disabling the handling of specially crafted HTTP requests until a patch is available. For Fortinet FortiAnalyzer versions 7.4.0 through 7.4.2, restrict access to the vulnerable proxy server daemon to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Memory Corruption

Related Identifiers

BDU:2025-01509
CVE-2024-35273

Affected Products

FortiAnalyzer
FortiManager