CVE-2024-26015

LOW

FortiProxy <7.4.3 - Unauthenticated Bypass

Title source: llm

Description

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in the IP address validation feature of FortiProxy versions 7.4.3 and below, 7.2.10 and below, and 7.0.17 and below, and of FortiOS versions 7.4.3 and below, 7.2.8 and below, and 7.0.15 and below, may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.

Scores

CVSS v3 3.4
EPSS 0.0005
EPSS Percentile 14.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-1389 CWE-704
Status published
Products (2)
fortinet/fortios 7.0.0 - 7.0.15
fortinet/fortiproxy 7.0.0 - 7.4.3
Published Jul 09, 2024
Tracked Since Feb 18, 2026