CVE-2024-46667 - Vulnerability Details

A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00189.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Fortinet	Fortisiem

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem::::::::
	cpe:2.3:a:fortinet:fortisiem:5.4.0:::::::*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Fortinet	Fortisiem

Advisories

Source	ID	Title
EUVD	EUVD-2024-42207	A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections.

Fixes

Solution

Please upgrade to FortiSIEM version 7.2.0 or above Please upgrade to FortiSIEM version 7.1.6 or above

Workaround

No workaround given by the vendor.

References

Link	Providers
https://fortiguard.fortinet.com/psirt/FG-IR-24-164

History

Wed, 16 Jul 2025 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fortinet Fortinet fortisiem
CPEs		cpe:2.3:a:fortinet:fortisiem:::::::: cpe:2.3:a:fortinet:fortisiem:5.4.0:::::::*
Vendors & Products		Fortinet Fortinet fortisiem

Tue, 14 Jan 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 14 Jan 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections.
Weaknesses		CWE-770
References		https://fortiguard.fortinet.com/psirt/FG-IR-24-164
Metrics		cvssV3_1 `{'score': 6.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:W/RC:C'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2025-01-14T14:09:58.844Z

Updated: 2025-02-18T21:37:18.364Z

Reserved: 2024-09-11T12:14:59.204Z

Link: CVE-2024-46667

Vulnrichment

Updated: 2025-01-14T14:28:07.561Z

NVD

Status : Analyzed

Published: 2025-01-14T14:15:31.797

Modified: 2025-07-16T13:16:19.890

Link: CVE-2024-46667

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T22:23:07Z

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object