CVE-2024-46669 — LOW (3.5) — White Hats Nepal

Q: How severe is CVE-2024-46669?

CVE-2024-46669 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-46669?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortios.

Vulnerability Description

An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service.

CVSS Score

3.5

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Fortinet	Fortios	>= 7.2.0, < 7.4.5

Related Weaknesses (CWE)

CWE-190

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-267Vendor Advisory

FAQ

What is CVE-2024-46669?

CVE-2024-46669 is a vulnerability with a CVSS score of 3.5 (LOW). An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated att...

How severe is CVE-2024-46669?

CVE-2024-46669 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-46669?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortios.