CVE-2024-35276

Description

A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets.

Remediation

Solution:

Please upgrade to FortiAnalyzer version 7.6.0 or above Please upgrade to FortiAnalyzer version 7.4.4 or above Please upgrade to FortiAnalyzer version 7.2.6 or above Please upgrade to FortiAnalyzer version 7.0.13 or above Please upgrade to FortiAnalyzer version 6.4.15 or above Please upgrade to FortiManager Cloud version 7.4.4 or above Please upgrade to FortiManager Cloud version 7.2.6 or above Please upgrade to FortiManager Cloud version 7.0.12 or above Please upgrade to FortiAnalyzer Cloud version 7.4.4 or above Please upgrade to FortiAnalyzer Cloud version 7.2.6 or above Please upgrade to FortiAnalyzer Cloud version 7.0.12 or above Please upgrade to FortiPortal version 6.0.16 or above Please upgrade to FortiManager version 7.6.0 or above Please upgrade to FortiManager version 7.4.4 or above Please upgrade to FortiManager version 7.2.6 or above Please upgrade to FortiManager version 7.0.13 or above Please upgrade to FortiManager version 6.4.15 or above

References

Link	Tags
https://fortiguard.fortinet.com/psirt/FG-IR-24-165	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-35276?: CVE-2024-35276 has been scored as a medium severity vulnerability.
How to fix CVE-2024-35276?: To fix CVE-2024-35276: Please upgrade to FortiAnalyzer version 7.6.0 or above Please upgrade to FortiAnalyzer version 7.4.4 or above Please upgrade to FortiAnalyzer version 7.2.6 or above Please upgrade to FortiAnalyzer version 7.0.13 or above Please upgrade to FortiAnalyzer version 6.4.15 or above Please upgrade to FortiManager Cloud version 7.4.4 or above Please upgrade to FortiManager Cloud version 7.2.6 or above Please upgrade to FortiManager Cloud version 7.0.12 or above Please upgrade to FortiAnalyzer Cloud version 7.4.4 or above Please upgrade to FortiAnalyzer Cloud version 7.2.6 or above Please upgrade to FortiAnalyzer Cloud version 7.0.12 or above Please upgrade to FortiPortal version 6.0.16 or above Please upgrade to FortiManager version 7.6.0 or above Please upgrade to FortiManager version 7.4.4 or above Please upgrade to FortiManager version 7.2.6 or above Please upgrade to FortiManager version 7.0.13 or above Please upgrade to FortiManager version 6.4.15 or above
Is CVE-2024-35276 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-35276 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-35276?: CVE-2024-35276 affects Fortinet FortiAnalyzer, Fortinet FortiManager.

Description

Remediation

Categories

CWE-121 – Stack-based Buffer Overflow

CWE-787 – Out-of-bounds Write

References

Frequently Asked Questions