PT-2025-41945 · Fortinet · Fortianalyzer+6
Published: 2025-10-14 · Updated: 2026-01-27
CVE-2024-50571
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Fortinet FortiOS versions 6.0.0 through 6.0.12, 6.2.0 through 6.2.17, 6.4.0 through 6.4.15, 7.0.0 through 7.0.16, 7.2.0 through 7.2.10, 7.6.0 through 7.6.1
Fortinet FortiManager versions 6.0.0 through 6.0.12, 6.2.0 through 6.2.13, 6.4.0 through 6.4.15, 7.0.0 through 7.0.13, 7.2.0 through 7.2.9, 7.6.0 through 7.6.1
Fortinet FortiAnalyzer versions 6.0.0 through 6.0.12, 6.2.0 through 6.2.13, 6.4.0 through 6.4.15, 7.0.0 through 7.0.13, 7.2.0 through 7.2.8, 7.4.0 through 7.4.5, 7.6.0 through 7.6.2
Fortinet FortiProxy versions 1.0.0 through 1.0.7, 1.1.0 through 1.1.6, 1.2.0 through 1.2.13, 2.0.0 through 2.0.14, 7.0.0 through 7.0.19, 7.2.0 through 7.2.12, 7.4.0 through 7.4.6, 7.6.0
Fortinet FortiManager Cloud versions 7.0.1 through 7.0.13, 7.2.1 through 7.2.8, 7.4.1 through 7.4.5, 7.6.2
Fortinet FortiAnalyzer Cloud versions 7.0.1 through 7.0.13, 7.2.1 through 7.2.8, 7.4.1 through 7.4.5
Fortinet fgfmsd (affected versions not specified)
Description
A heap-based buffer overflow exists in Fortinet products, potentially allowing an attacker to execute unauthorized code or commands. The issue is triggered by specially crafted network requests. This flaw impacts multiple Fortinet products, including FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiManager Cloud.
Recommendations
Fortinet FortiOS versions 6.0.0 through 6.0.12 should be updated.
Fortinet FortiOS versions 6.2.0 through 6.2.17 should be updated.
Fortinet FortiOS versions 6.4.0 through 6.4.15 should be updated.
Fortinet FortiOS versions 7.0.0 through 7.0.16 should be updated.
Fortinet FortiOS versions 7.2.0 through 7.2.10 should be updated.
Fortinet FortiOS versions 7.6.0 through 7.6.1 should be updated.
Fortinet FortiManager versions 6.0.0 through 6.0.12 should be updated.
Fortinet FortiManager versions 6.2.0 through 6.2.13 should be updated.
Fortinet FortiManager versions 6.4.0 through 6.4.15 should be updated.
Fortinet FortiManager versions 7.0.0 through 7.0.13 should be updated.
Fortinet FortiManager versions 7.2.0 through 7.2.9 should be updated.
Fortinet FortiManager versions 7.6.0 through 7.6.1 should be updated.
Fortinet FortiAnalyzer versions 6.0.0 through 6.0.12 should be updated.
Fortinet FortiAnalyzer versions 6.2.0 through 6.2.13 should be updated.
Fortinet FortiAnalyzer versions 6.4.0 through 6.4.15 should be updated.
Fortinet FortiAnalyzer versions 7.0.0 through 7.0.13 should be updated.
Fortinet FortiAnalyzer versions 7.2.0 through 7.2.8 should be updated.
Fortinet FortiAnalyzer versions 7.4.0 through 7.4.5 should be updated.
Fortinet FortiAnalyzer versions 7.6.0 through 7.6.2 should be updated.
Fortinet FortiProxy versions 1.0.0 through 1.0.7 should be updated.
Fortinet FortiProxy versions 1.1.0 through 1.1.6 should be updated.
Fortinet FortiProxy versions 1.2.0 through 1.2.13 should be updated.
Fortinet FortiProxy versions 2.0.0 through 2.0.14 should be updated.
Fortinet FortiProxy versions 7.0.0 through 7.0.19 should be updated.
Fortinet FortiProxy versions 7.2.0 through 7.2.12 should be updated.
Fortinet FortiProxy versions 7.4.0 through 7.4.6 should be updated.
Fortinet FortiProxy versions 7.6.0 should be updated.
Fortinet FortiManager Cloud versions 7.0.1 through 7.0.13 should be updated.
Fortinet FortiManager Cloud versions 7.2.1 through 7.2.8 should be updated.
Fortinet FortiManager Cloud versions 7.4.1 through 7.4.5 should be updated.
Fortinet FortiManager Cloud versions 7.6.2 should be updated.
Fortinet FortiAnalyzer Cloud versions 7.0.1 through 7.0.13 should be updated.
Fortinet FortiAnalyzer Cloud versions 7.2.1 through 7.2.8 should be updated.
Fortinet FortiAnalyzer Cloud versions 7.4.1 through 7.4.5 should be updated.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Heap Based Buffer Overflow
Affected Products
Fortianalyzer
Fortianalyzer Cloud
Fortimanager
Fortimanager Cloud
Fortios
Fortiproxy
Fgfmsd