Products
FortiProxy
- 7.4.3 and below
- 7.2.10 and below
- 7.0.17 and below
FortiOS
- 7.4.3 and below
- 7.2.8 and below
- 7.0.15 and below
Source
psirt@fortinet.com
Tags
CVE-2024-26015 details
Published : July 9, 2024, 4:15 p.m.
Last Modified : July 9, 2024, 6:18 p.m.
Last Modified : July 9, 2024, 6:18 p.m.
Description
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.
CVSS Score
| 1 | 2 | 3.4 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-1389 | Incorrect Parsing of Numbers with Different Radices | The product parses numeric input assuming base 10 (decimal) values, but it does not account for inputs that use a different base number (radix). |
CVSS Data
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
Base Score
3.4
Exploitability Score
1.6
Impact Score
1.4
Base Severity
LOW
Vector String : CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
References
| URL | Source |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-23-446 | psirt@fortinet.com |
This website uses the NVD API, but is not approved or certified by it.