Description
A stack-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0.0 through 7.0.12, FortiAnalyzer 6.4.0 through 6.4.14, FortiAnalyzer Cloud 7.4.1 through 7.4.3, FortiAnalyzer Cloud 7.2.1 through 7.2.5, FortiAnalyzer Cloud 7.0.1 through 7.0.11, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0.1 through 7.0.11, FortiManager Cloud 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted packets.
Published: 2025-01-14
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Solution

Upgrade to upcoming FortiPortal version 6.0.16 or above Upgrade to FortiAnalyzer version 7.6.0 or above Upgrade to FortiAnalyzer version 7.4.4 or above Upgrade to FortiAnalyzer version 7.2.6 or above Upgrade to FortiAnalyzer version 7.0.13 or above Upgrade to FortiAnalyzer version 6.4.15 or above Upgrade to FortiAnalyzer Cloud version 7.4.4 or above Upgrade to FortiAnalyzer Cloud version 7.2.6 or above Upgrade to FortiAnalyzer Cloud version 7.0.12 or above Upgrade to FortiManager version 7.6.0 or above Upgrade to FortiManager version 7.4.4 or above Upgrade to FortiManager version 7.2.6 or above Upgrade to FortiManager version 7.0.13 or above Upgrade to FortiManager version 6.4.15 or above Upgrade to FortiManager Cloud version 7.4.4 or above Upgrade to FortiManager Cloud version 7.2.6 or above Upgrade to FortiManager Cloud version 7.0.12 or above

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-35542 A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets.
History

Wed, 08 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Description A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets. A stack-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0.0 through 7.0.12, FortiAnalyzer 6.4.0 through 6.4.14, FortiAnalyzer Cloud 7.4.1 through 7.4.3, FortiAnalyzer Cloud 7.2.1 through 7.2.5, FortiAnalyzer Cloud 7.0.1 through 7.0.11, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0.1 through 7.0.11, FortiManager Cloud 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted packets.
First Time appeared Fortinet fortianalyzercloud
Fortinet fortimanagercloud
CPEs cpe:2.3:a:fortinet:fortianalyzercloud:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:6.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:6.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:6.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:6.4.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzercloud:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:6.4.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:6.4.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:6.4.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:6.4.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*
Vendors & Products Fortinet fortianalyzercloud
Fortinet fortimanagercloud
Metrics cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R'}

cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:R'}


Fri, 31 Jan 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Fortinet fortianalyzer Cloud
Fortinet fortimanager Cloud
Weaknesses CWE-787
CPEs cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*
Vendors & Products Fortinet fortianalyzer Cloud
Fortinet fortimanager Cloud

Tue, 14 Jan 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Jan 2025 14:15:00 +0000

Type Values Removed Values Added
Description A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets.
First Time appeared Fortinet
Fortinet fortianalyzer
Fortinet fortimanager
Weaknesses CWE-121
CPEs cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
Vendors & Products Fortinet
Fortinet fortianalyzer
Fortinet fortimanager
References
Metrics cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R'}


Subscriptions

Fortinet Fortianalyzer Fortianalyzer Cloud Fortianalyzercloud Fortimanager Fortimanager Cloud Fortimanagercloud
cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2026-07-08T12:53:13.789Z

Reserved: 2024-05-14T21:15:19.189Z

Link: CVE-2024-35276

cve-icon Vulnrichment

Updated: 2025-01-14T15:15:22.412Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-14T14:15:29.973

Modified: 2026-06-17T07:34:40.090

Link: CVE-2024-35276

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses