CVE-2024-46668
HIGHFortiOS 6.4.0-6.4.15, 7.0.0-7.0.15, 7.2.0-7.2.8, 7.4.0-7.4.4 - Unauthenticated Denial of Service via Large File Uploads
Title source: llmDescription
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads.
References (1)
Core 1
Core References
Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-24-219
Scores
CVSS v3
7.5
EPSS
0.0209
EPSS Percentile
84.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (1)
fortinet/fortios
6.4.0 - 6.4.16
Published
Jan 14, 2025
Tracked Since
Feb 18, 2026