CVE-2024-46668

HIGH

FortiOS 6.4.0-6.4.15, 7.0.0-7.0.15, 7.2.0-7.2.8, 7.4.0-7.4.4 - Unauthenticated Denial of Service via Large File Uploads

Title source: llm
STIX 2.1

Description

An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads.

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0096
EPSS Percentile 57.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-770
Status published
Products (1)
fortinet/fortios 6.4.0 - 6.4.16
Published Jan 14, 2025
Tracked Since Feb 18, 2026