CVE-2024-52963 MEDIUM

Published: 2025-01-14 | Last Modified: 2026-06-09 | Status: Modified

Description

A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.

Additional Descriptions (1)

Una escritura fuera de los límites en las versiones Fortinet FortiOS 7.6.0, 7.4.0 a 7.4.6, 7.2.0 a 7.2.10, 7.0.0 a 7.0.16, 6.4.0 a 6.4.15 permite a un atacante activar una denegación de servicio a través de paquetes especialmente manipulados.

CVSS Metrics

Base Score: 5.9 (MEDIUM)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector	NETWORK
Attack Complexity	HIGH
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 2.2

Impact Score: 3.6

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-787

Affected Products

Vendor	Product	Version	Update	Type
fortinet	fortios	*	<built-in method update of dict object at 0x7d1e5fe3e200>	Operating System
fortinet	fortios	*	<built-in method update of dict object at 0x7d1e643c1440>	Operating System
fortinet	fortios	7.6.0	<built-in method update of dict object at 0x7d1e643c2780>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:fortinet:fortios::::::::`
Yes	`cpe:2.3:o:fortinet:fortios::::::::`
Yes	`cpe:2.3:o:fortinet:fortios:7.6.0:::::::*`

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-373
Source: [email protected]

Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-864900.html
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e