Gratis scannen
MEDIUMCVE-2024-46667CVSS 6.9

A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to de

wordt vertaald…

Platform

fortinet

Component

fortisiem

Opgelost in

7.1.6

7.0.4

6.7.10

6.6.6

6.5.4

6.4.5

6.3.4

6.2.2

6.1.3

5.4.1

5.3.4

AI Confidence: highNVDEPSS 0.6%Beoordeeld: mei 2026
Bekijk op NVD
Opslaan
Wordt vertaald naar uw taal…

CVE-2024-46667 describes a denial-of-service (DoS) vulnerability within Fortinet FortiSIEM. This flaw allows an attacker to exhaust available connections by sending excessive TLS traffic, effectively preventing legitimate users from accessing the system. The vulnerability impacts FortiSIEM versions 5.3 through 7.1.5, and a patch is available in version 7.1.6.

Impact en Aanvalsscenarioswordt vertaald…

The primary impact of CVE-2024-46667 is a denial-of-service condition. An attacker can leverage this vulnerability to disrupt TLS traffic, rendering FortiSIEM unavailable for legitimate users. This can lead to significant operational disruptions, impacting security monitoring and incident response capabilities. The blast radius extends to any service relying on FortiSIEM for security data analysis and alerting. Successful exploitation could effectively blind an organization to ongoing security threats, allowing attackers to operate undetected.

Uitbuitingscontextwordt vertaald…

CVE-2024-46667 was publicly disclosed on January 14, 2025. The vulnerability's ease of exploitation, combined with the potential for significant disruption, suggests a medium probability of exploitation. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability's nature makes it likely that PoCs will emerge. Monitor security advisories and threat intelligence feeds for updates.

Wie Loopt Risicowordt vertaald…

Organizations heavily reliant on FortiSIEM for security monitoring and incident response are particularly at risk. Environments with limited network security controls or those lacking robust rate limiting capabilities are also more vulnerable. Shared hosting environments where multiple tenants share a single FortiSIEM instance could experience widespread disruption if one tenant exploits this vulnerability.

Detectiestappenwordt vertaald…

• fortinet: Monitor FortiSIEM logs for unusually high TLS connection rates from specific IP addresses. Use FortiSIEM's built-in reporting capabilities to identify potential DoS attacks.

Get-FortiSIEMLog -LogType 'Traffic' -Filter 'Protocol = 'TLS' -SortBy 'SourceIP, Count Descending' -Top 10

• generic web: Monitor network traffic for excessive TLS connection attempts to the FortiSIEM appliance. Use network intrusion detection systems (NIDS) to identify and block malicious traffic patterns.

tail -f /var/log/nginx/access.log | grep -i tls | awk '{print $1}' | sort | uniq -c | sort -nr | head -10

Aanvalstijdlijn

  1. Disclosure

    disclosure

Dreigingsinformatie

Exploit Status

Proof of ConceptOnbekend
CISA KEVNO
InternetblootstellingHoog

EPSS

0.64% (70% percentiel)

CISA SSVC

Exploitatienone
Automatiseerbaarno
Technische Impactpartial

CVSS-vector

DREIGINGSINFORMATIE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:W/RC:C6.9MEDIUMAttack VectorNetworkHoe de aanvaller het doel bereiktAttack ComplexityLowVereiste omstandigheden om te exploiterenPrivileges RequiredNoneVereist authenticatieniveau voor aanvalUser InteractionNoneOf het slachtoffer actie moet ondernemenScopeUnchangedImpact buiten het getroffen onderdeelConfidentialityNoneRisico op blootstelling van gevoelige dataIntegrityNoneRisico op ongeautoriseerde gegevenswijzigingAvailabilityHighRisico op verstoring van dienstennextguardhq.com · CVSS v3.1 Basisscore
Wat betekenen deze metrics?
Attack Vector
Netwerk — op afstand uitbuitbaar via internet. Geen fysieke of lokale toegang vereist.
Attack Complexity
Laag — geen speciale voorwaarden vereist. Betrouwbaar uitbuitbaar.
Privileges Required
Geen — geen authenticatie vereist om te exploiteren.
User Interaction
Geen — automatische en stille aanval. Slachtoffer doet niets.
Scope
Ongewijzigd — impact beperkt tot het kwetsbare component.
Confidentiality
Geen — geen vertrouwelijkheidsimpact.
Integrity
Geen — geen integriteitsimpact.
Availability
Hoog — volledige crash of uitputting van resources. Totale denial of service.

Getroffen Software

Componentfortisiem
LeverancierFortinet
Getroffen bereikOpgelost in
7.1.0 – 7.1.57.1.6
7.0.0 – 7.0.37.0.4
6.7.0 – 6.7.96.7.10
6.6.0 – 6.6.56.6.6
6.5.0 – 6.5.36.5.4
6.4.0 – 6.4.46.4.5
6.3.0 – 6.3.36.3.4
6.2.0 – 6.2.16.2.2
6.1.0 – 6.1.26.1.3
5.4.0 – 5.4.05.4.1
5.3.0 – 5.3.35.3.4

Zwakheidsclassificatie (CWE)

CWE-770

Tijdlijn

  1. Gereserveerd
  2. Gepubliceerd
  3. Gewijzigd
  4. EPSS bijgewerkt

Mitigatie en Workaroundswordt vertaald…

The primary mitigation for CVE-2024-46667 is to upgrade FortiSIEM to version 7.1.6 or later, which contains the fix. If immediate upgrading is not possible, consider implementing rate limiting on incoming TLS connections to FortiSIEM. This can be achieved through network firewalls or intrusion prevention systems (IPS) configured to limit the number of TLS connections from a single source IP address. Monitor FortiSIEM resource utilization (CPU, memory, connections) for unusual spikes, which could indicate an ongoing attack. After upgrading, confirm the fix by attempting to induce the vulnerability and verifying that the system remains stable.

Hoe te verhelpenwordt vertaald…

Actualice FortiSIEM a una versión posterior a la 7.1.5. Consulte el advisory de Fortinet (FG-IR-24-164) para obtener más detalles y las versiones específicas corregidas para cada rama de FortiSIEM. La actualización mitigará la vulnerabilidad de agotamiento de recursos.

CVE Beveiligingsnieuwsbrief

Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.

Veelgestelde vragenwordt vertaald…

What is CVE-2024-46667 — DoS in FortiSIEM?

CVE-2024-46667 is a denial-of-service vulnerability in Fortinet FortiSIEM versions 5.3 through 7.1.5 that allows an attacker to exhaust connections and disrupt TLS traffic.

Am I affected by CVE-2024-46667 in FortiSIEM?

You are affected if you are running FortiSIEM versions 5.3 through 7.1.5. Upgrade to version 7.1.6 or later to mitigate the vulnerability.

How do I fix CVE-2024-46667 in FortiSIEM?

Upgrade FortiSIEM to version 7.1.6 or later. As a temporary workaround, implement rate limiting on incoming TLS connections.

Is CVE-2024-46667 being actively exploited?

While no active exploitation has been confirmed, the vulnerability's nature suggests a potential for exploitation. Monitor security advisories and threat intelligence feeds.

Where can I find the official Fortinet advisory for CVE-2024-46667?

Refer to the official Fortinet security advisory for CVE-2024-46667 on the Fortinet Support website.

Is jouw project getroffen?

Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.

Gratis scannenCVEs zoeken