PT-2025-2453 · Fortinet · Fortios
Published 2025-01-14 · Updated 2025-07-22 · CVE-2024-36504
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
FortiOS SSLVPN web portal versions 6.4 through 7.0, versions 7.2.0 through 7.2.8, and versions 7.4.0 through 7.4.4
Description:
An out-of-bounds read vulnerability in the SSLVPN web portal may allow an authenticated attacker to cause a denial of service on the portal via a specially crafted URL. This vulnerability does not impact the SSL VPN tunnel mode.
Recommendations:
For versions 6.4, update to a version that is not affected by this issue.
For versions 7.0, update to a version that is not affected by this issue.
For versions 7.2.0 through 7.2.8, update to a version that is not affected by this issue.
For versions 7.4.0 through 7.4.4, update to a version that is not affected by this issue.
As a temporary workaround, consider restricting access to the SSLVPN web portal until a patch is available.
Fix · DoS · Out of bounds Read
Affected Products
Fortios