PT-2025-2945 · Fortinet · Fortios

Published: 2025-01-14 · Updated: 2025-10-27 · CVE-2024-52963

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Fortinet FortiOS versions 6.4.0 through 6.4.15
Fortinet FortiOS versions 7.0.0 through 7.0.16
Fortinet FortiOS versions 7.2.0 through 7.2.10
Fortinet FortiOS versions 7.4.0 through 7.4.6
Fortinet FortiOS version 7.6.0

Description

The issue is related to an out-of-bounds write that allows an attacker to trigger a denial of service via specially crafted packets. This can be exploited by an unauthenticated attacker under certain conditions.

Recommendations

For Fortinet FortiOS versions 6.4.0 through 6.4.15, update to a version that contains a fix for this issue.
For Fortinet FortiOS versions 7.0.0 through 7.0.16, update to a version that contains a fix for this issue.
For Fortinet FortiOS versions 7.2.0 through 7.2.10, update to a version that contains a fix for this issue.
For Fortinet FortiOS versions 7.4.0 through 7.4.6, update to a version that contains a fix for this issue.
For Fortinet FortiOS version 7.6.0, update to a version that contains a fix for this issue.

As a temporary workaround, consider restricting access to the IPSEC daemon to minimize the risk of exploitation.

Fix

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-09555
CVE-2024-52963

Affected Products

Fortios