NVD:CVE-2024-26015
History: Jul 09, 2024 - 4:15 p.m.

CVE-2024-26015

2024-07-09 16:15:04
CWE-1389
CWE-704
web.nvd.nist.gov
4
incorrect parsing
fortiproxy
fortios
ip address validation
cve-2024-26015
cwe-1389
unauthenticated attacker
bypass ip blocklist

CVSS3: 4.7

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS: 0
Percentile: 13.4%

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in the IP address validation feature of FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.

Affected configurations

Nvd

Node
  fortinet fortiproxy, Range 7.0.0 - 7.4.3
Node
  fortinet fortios, Range 7.0.0 - 7.0.15
  OR
  fortinet fortios, Range 7.2.0 - 7.2.8
  OR
  fortinet fortios, Range 7.4.0 - 7.4.3

Vendor    Product     Version  CPE
fortinet  fortiproxy  *        cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
fortinet  fortios     *        cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
