プラットフォーム
fortinet
コンポーネント
fortisiem
修正版
7.1.6
7.0.4
6.7.10
6.6.6
6.5.4
6.4.5
6.3.4
6.2.2
6.1.3
5.4.1
5.3.4
CVE-2024-46667 describes a denial-of-service (DoS) vulnerability within Fortinet FortiSIEM. This flaw allows an attacker to exhaust available connections by sending excessive TLS traffic, effectively preventing legitimate users from accessing the system. The vulnerability impacts FortiSIEM versions 5.3 through 7.1.5, and a patch is available in version 7.1.6.
The primary impact of CVE-2024-46667 is a denial-of-service condition. An attacker can leverage this vulnerability to disrupt TLS traffic, rendering FortiSIEM unavailable for legitimate users. This can lead to significant operational disruptions, impacting security monitoring and incident response capabilities. The blast radius extends to any service relying on FortiSIEM for security data analysis and alerting. Successful exploitation could effectively blind an organization to ongoing security threats, allowing attackers to operate undetected.
CVE-2024-46667 was publicly disclosed on January 14, 2025. The vulnerability's ease of exploitation, combined with the potential for significant disruption, suggests a medium probability of exploitation. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability's nature makes it likely that PoCs will emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations heavily reliant on FortiSIEM for security monitoring and incident response are particularly at risk. Environments with limited network security controls or those lacking robust rate limiting capabilities are also more vulnerable. Shared hosting environments where multiple tenants share a single FortiSIEM instance could experience widespread disruption if one tenant exploits this vulnerability.
• fortinet: Monitor FortiSIEM logs for unusually high TLS connection rates from specific IP addresses. Use FortiSIEM's built-in reporting capabilities to identify potential DoS attacks.
Get-FortiSIEMLog -LogType 'Traffic' -Filter 'Protocol = 'TLS' -SortBy 'SourceIP, Count Descending' -Top 10• generic web: Monitor network traffic for excessive TLS connection attempts to the FortiSIEM appliance. Use network intrusion detection systems (NIDS) to identify and block malicious traffic patterns.
tail -f /var/log/nginx/access.log | grep -i tls | awk '{print $1}' | sort | uniq -c | sort -nr | head -10disclosure
エクスプロイト状況
EPSS
0.64% (70% パーセンタイル)
CISA SSVC
CVSS ベクトル
The primary mitigation for CVE-2024-46667 is to upgrade FortiSIEM to version 7.1.6 or later, which contains the fix. If immediate upgrading is not possible, consider implementing rate limiting on incoming TLS connections to FortiSIEM. This can be achieved through network firewalls or intrusion prevention systems (IPS) configured to limit the number of TLS connections from a single source IP address. Monitor FortiSIEM resource utilization (CPU, memory, connections) for unusual spikes, which could indicate an ongoing attack. After upgrading, confirm the fix by attempting to induce the vulnerability and verifying that the system remains stable.
Actualice FortiSIEM a una versión posterior a la 7.1.5. Consulte el advisory de Fortinet (FG-IR-24-164) para obtener más detalles y las versiones específicas corregidas para cada rama de FortiSIEM. La actualización mitigará la vulnerabilidad de agotamiento de recursos.
脆弱性分析と重要アラートをメールでお届けします。
CVE-2024-46667 is a denial-of-service vulnerability in Fortinet FortiSIEM versions 5.3 through 7.1.5 that allows an attacker to exhaust connections and disrupt TLS traffic.
You are affected if you are running FortiSIEM versions 5.3 through 7.1.5. Upgrade to version 7.1.6 or later to mitigate the vulnerability.
Upgrade FortiSIEM to version 7.1.6 or later. As a temporary workaround, implement rate limiting on incoming TLS connections.
While no active exploitation has been confirmed, the vulnerability's nature suggests a potential for exploitation. Monitor security advisories and threat intelligence feeds.
Refer to the official Fortinet security advisory for CVE-2024-46667 on the Fortinet Support website.
依存関係ファイルをアップロードすれば、このCVEや他のCVEがあなたに影響するか即座にわかります。