Plattform
fortinet
Komponente
fortisiem
Behoben in
7.1.6
7.0.4
6.7.10
6.6.6
6.5.4
6.4.5
6.3.4
6.2.2
6.1.3
5.4.1
5.3.4
CVE-2024-46667 describes a denial-of-service (DoS) vulnerability within Fortinet FortiSIEM. This flaw allows an attacker to exhaust available connections by sending excessive TLS traffic, effectively preventing legitimate users from accessing the system. The vulnerability impacts FortiSIEM versions 5.3 through 7.1.5, and a patch is available in version 7.1.6.
The primary impact of CVE-2024-46667 is a denial-of-service condition. An attacker can leverage this vulnerability to disrupt TLS traffic, rendering FortiSIEM unavailable for legitimate users. This can lead to significant operational disruptions, impacting security monitoring and incident response capabilities. The blast radius extends to any service relying on FortiSIEM for security data analysis and alerting. Successful exploitation could effectively blind an organization to ongoing security threats, allowing attackers to operate undetected.
CVE-2024-46667 was publicly disclosed on January 14, 2025. The vulnerability's ease of exploitation, combined with the potential for significant disruption, suggests a medium probability of exploitation. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability's nature makes it likely that PoCs will emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations heavily reliant on FortiSIEM for security monitoring and incident response are particularly at risk. Environments with limited network security controls or those lacking robust rate limiting capabilities are also more vulnerable. Shared hosting environments where multiple tenants share a single FortiSIEM instance could experience widespread disruption if one tenant exploits this vulnerability.
• fortinet: Monitor FortiSIEM logs for unusually high TLS connection rates from specific IP addresses. Use FortiSIEM's built-in reporting capabilities to identify potential DoS attacks.
Get-FortiSIEMLog -LogType 'Traffic' -Filter 'Protocol = 'TLS' -SortBy 'SourceIP, Count Descending' -Top 10• generic web: Monitor network traffic for excessive TLS connection attempts to the FortiSIEM appliance. Use network intrusion detection systems (NIDS) to identify and block malicious traffic patterns.
tail -f /var/log/nginx/access.log | grep -i tls | awk '{print $1}' | sort | uniq -c | sort -nr | head -10disclosure
Exploit-Status
EPSS
0.64% (70% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-46667 is to upgrade FortiSIEM to version 7.1.6 or later, which contains the fix. If immediate upgrading is not possible, consider implementing rate limiting on incoming TLS connections to FortiSIEM. This can be achieved through network firewalls or intrusion prevention systems (IPS) configured to limit the number of TLS connections from a single source IP address. Monitor FortiSIEM resource utilization (CPU, memory, connections) for unusual spikes, which could indicate an ongoing attack. After upgrading, confirm the fix by attempting to induce the vulnerability and verifying that the system remains stable.
Actualice FortiSIEM a una versión posterior a la 7.1.5. Consulte el advisory de Fortinet (FG-IR-24-164) para obtener más detalles y las versiones específicas corregidas para cada rama de FortiSIEM. La actualización mitigará la vulnerabilidad de agotamiento de recursos.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-46667 is a denial-of-service vulnerability in Fortinet FortiSIEM versions 5.3 through 7.1.5 that allows an attacker to exhaust connections and disrupt TLS traffic.
You are affected if you are running FortiSIEM versions 5.3 through 7.1.5. Upgrade to version 7.1.6 or later to mitigate the vulnerability.
Upgrade FortiSIEM to version 7.1.6 or later. As a temporary workaround, implement rate limiting on incoming TLS connections.
While no active exploitation has been confirmed, the vulnerability's nature suggests a potential for exploitation. Monitor security advisories and threat intelligence feeds.
Refer to the official Fortinet security advisory for CVE-2024-46667 on the Fortinet Support website.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.