9.8
CVE-2024-35276
- EPSS 0.4%
- Veröffentlicht 14.01.2025 14:15:29
- Zuletzt bearbeitet 08.07.2026 14:16:52
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
A stack-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0.0 through 7.0.12, FortiAnalyzer 6.4.0 through 6.4.14, FortiAnalyzer Cloud 7.4.1 through 7.4.3, FortiAnalyzer Cloud 7.2.1 through 7.2.5, FortiAnalyzer Cloud 7.0.1 through 7.0.11, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0.1 through 7.0.11, FortiManager Cloud 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted packets.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortianalyzer Version >= 6.4.0 < 6.4.15
Fortinet ≫ Fortianalyzer Version >= 7.0.0 < 7.0.13
Fortinet ≫ Fortianalyzer Version >= 7.2.0 < 7.2.6
Fortinet ≫ Fortianalyzer Version >= 7.4.0 < 7.4.4
Fortinet ≫ Fortianalyzer Cloud Version >= 6.4.1 < 7.0.12
Fortinet ≫ Fortianalyzer Cloud Version >= 7.2.1 < 7.2.6
Fortinet ≫ Fortianalyzer Cloud Version >= 7.4.1 < 7.4.4
Fortinet ≫ Fortimanager Version >= 6.4.0 < 6.4.15
Fortinet ≫ Fortimanager Version >= 7.0.0 < 7.0.13
Fortinet ≫ Fortimanager Version >= 7.2.0 < 7.2.6
Fortinet ≫ Fortimanager Version >= 7.4.0 < 7.4.4
Fortinet ≫ Fortimanager Cloud Version >= 6.4.1 < 7.0.12
Fortinet ≫ Fortimanager Cloud Version >= 7.2.1 < 7.2.6
Fortinet ≫ Fortimanager Cloud Version >= 7.4.1 < 7.4.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.317 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@fortinet.com | 5.6 | 2.2 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://fortiguard.fortinet.com/psirt/FG-IR-24-165