vulnerability

Fortinet FortiOS: Out-of-bounds Read (CVE-2024-46670)

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Jan 14, 2025
Added
Feb 3, 2025
Modified
Mar 30, 2026

Description

An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests.

Solutions

fortios-upgrade-7_2_10fortios-upgrade-7_4_5
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.