LOW🇵🇱 Wersja polska

CVE-2024-26015

CVSS 3.4v3.1pub. 2024-07-09upd. 2024-11-21

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.

CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
  • Fortinet FortiOS

    OS
    Fortinet
    7.0.0 – 7.0.157.2.0 – 7.2.87.4.0 – 7.4.3
  • Fortinet Fortiproxy

    APP
    Fortinet
    7.0.0 – 7.4.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassFirewall
CWE
References

Related vulnerabilities

CVE-2026-24858CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2025-59718CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Fortinet FortiOS/FortiProxy/FortiSwitchManager — Auth Bypass przez SAML

CVE-2024-55591CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Authentication Bypass w FortiOS i FortiProxy — przejęcie uprawnień super-admin

CVE-2024-23113CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Krytyczna podatność format string RCE w Fortinet FortiOS, FortiProxy i FortiSwitchManager

CVE-2024-21762CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Out-of-bounds write w Fortinet FortiOS i FortiProxy — RCE bez uwierzytelnienia