Platform
fortinet
Component
fortisiem
Fixed in
7.1.6
7.0.4
6.7.10
6.6.6
6.5.4
6.4.5
6.3.4
6.2.2
6.1.3
5.4.1
5.3.4
CVE-2024-46667 describes a denial-of-service (DoS) vulnerability within Fortinet FortiSIEM. This flaw allows an attacker to exhaust available connections by sending excessive TLS traffic, effectively preventing legitimate users from accessing the system. The vulnerability impacts FortiSIEM versions 5.3 through 7.1.5, and a patch is available in version 7.1.6.
The primary impact of CVE-2024-46667 is a denial-of-service condition. An attacker can leverage this vulnerability to disrupt TLS traffic, rendering FortiSIEM unavailable for legitimate users. This can lead to significant operational disruptions, impacting security monitoring and incident response capabilities. The blast radius extends to any service relying on FortiSIEM for security data analysis and alerting. Successful exploitation could effectively blind an organization to ongoing security threats, allowing attackers to operate undetected.
CVE-2024-46667 was publicly disclosed on January 14, 2025. The vulnerability's ease of exploitation, combined with the potential for significant disruption, suggests a medium probability of exploitation. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability's nature makes it likely that PoCs will emerge. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS
0.64% (70% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-46667 is to upgrade FortiSIEM to version 7.1.6 or later, which contains the fix. If immediate upgrading is not possible, consider implementing rate limiting on incoming TLS connections to FortiSIEM. This can be achieved through network firewalls or intrusion prevention systems (IPS) configured to limit the number of TLS connections from a single source IP address. Monitor FortiSIEM resource utilization (CPU, memory, connections) for unusual spikes, which could indicate an ongoing attack. After upgrading, confirm the fix by attempting to induce the vulnerability and verifying that the system remains stable.
Update FortiSIEM to a version later than 7.1.5. See the Fortinet advisory (FG-IR-24-164) for more details and the specific versions corrected for each FortiSIEM branch. The update will mitigate the resource exhaustion vulnerability.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-46667 is a denial-of-service vulnerability in Fortinet FortiSIEM versions 5.3 through 7.1.5 that allows an attacker to exhaust connections and disrupt TLS traffic.
You are affected if you are running FortiSIEM versions 5.3 through 7.1.5. Upgrade to version 7.1.6 or later to mitigate the vulnerability.
Upgrade FortiSIEM to version 7.1.6 or later. As a temporary workaround, implement rate limiting on incoming TLS connections.
While no active exploitation has been confirmed, the vulnerability's nature suggests a potential for exploitation. Monitor security advisories and threat intelligence feeds.
Refer to the official Fortinet security advisory for CVE-2024-46667 on the Fortinet Support website.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.