PT-2025-6257 · Fortinet · Fortios

Published: 2025-02-11 · Updated: 2025-07-17 · CVE-2024-35279

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.2.4 through 7.2.8; FortiOS versions 7.4.0 through 7.4.4
Description: A stack-based buffer overflow vulnerability in the FortiOS implementation of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. Exploitation of this issue may allow a remote attacker to execute arbitrary code or commands by sending specially crafted UDP packets to the CAPWAP control service, provided the attacker can evade FortiOS stack protections and the fabric service is running on the exposed interface.
Recommendations: For FortiOS versions 7.2.4 through 7.2.8 and FortiOS versions 7.4.0 through 7.4.4, update to a version that fixes the buffer overflow vulnerability in the CAPWAP control service. As a temporary workaround, restrict access to the CAPWAP control interface to minimize the risk of exploitation.

Fix

Weakness Enumeration: Stack Overflow

Related Identifiers: BDU:2025-01610; CVE-2024-35279

Affected Products: Fortios