CVE-2024-35276

MEDIUM

Fortinet FortiAnalyzer & FortiManager Stack-based Buffer Overflow via Crafted Packets

Title source: llm
STIX 2.1

Description

A stack-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0.0 through 7.0.12, FortiAnalyzer 6.4.0 through 6.4.14, FortiAnalyzer Cloud 7.4.1 through 7.4.3, FortiAnalyzer Cloud 7.2.1 through 7.2.5, FortiAnalyzer Cloud 7.0.1 through 7.0.11, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0.1 through 7.0.11, FortiManager Cloud 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted packets.

References (1)

Core 1
Core References

Scores

CVSS v3 5.6
EPSS 0.0040
EPSS Percentile 32.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-121 CWE-787
Status published
Products (20)
Fortinet/FortiAnalyzer 6.4.0 - 6.4.14
fortinet/fortianalyzer 6.4.0 - 6.4.15
Fortinet/FortiAnalyzer 7.0.0 - 7.0.12
Fortinet/FortiAnalyzer 7.2.0 - 7.2.5
Fortinet/FortiAnalyzer 7.4.0 - 7.4.3
Fortinet/FortiAnalyzer Cloud 6.4.1 - 6.4.7
Fortinet/FortiAnalyzer Cloud 7.0.1 - 7.0.11
Fortinet/FortiAnalyzer Cloud 7.2.1 - 7.2.5
Fortinet/FortiAnalyzer Cloud 7.4.1 - 7.4.3
fortinet/fortianalyzer_cloud 6.4.1 - 7.0.12
... and 10 more
Published Jan 14, 2025
Tracked Since Feb 18, 2026