Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-26015

An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.

Published

2024-07-09T16:15:04.810

Last Modified

2024-11-21T09:01:45.940

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.4 (LOW)

Weaknesses

Type: Secondary
CWE-1389
Type: Primary
CWE-704

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortiproxy	≤ 7.4.3	Yes
Operating System	fortinet	fortios	≤ 7.0.15	Yes
Operating System	fortinet	fortios	≤ 7.2.8	Yes
Operating System	fortinet	fortios	≤ 7.4.3	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-446 Vendor Advisory ([email protected])
https://fortiguard.fortinet.com/psirt/FG-IR-23-446 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)