CVE-2024-26015

CVE Database · CVE-2024-26015

CVE-2024-26015

· LOWModified

CVSS v3.1

3.4

EPSS

0.47%

Published

Jul 9, 2024

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Weaknesses (CWE)

CWE-1389CWE-704

Affected Products (4)

fortinet · fortiproxyvulnerable

fortinet · fortiosvulnerable

References (2)

https://fortiguard.fortinet.com/psirt/FG-IR-23-446

Vendor Advisory

https://fortiguard.fortinet.com/psirt/FG-IR-23-446

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs