Fortinet FortiAnalyzer/Manager CLI Stack Buffer Overflow Vulnerability (CVE-2024-31496) Advisory

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: Stack buffer overflow in CLI command 2. Vulnerability ID: FG-IR-24-098 3. Release Date: November 12, 2024 4. Affected Component: CLI 5. Severity: Medium 6. CVSSv3 Score: 6.3 7. Impact: Execution of unauthorized code or commands 8. CVE ID: CVE-2024-31496 9. Remediation: - FortiAnalyzer 7.4: Upgrade to 7.4.3 or later - FortiAnalyzer 7.2: Upgrade to 7.2.6 or later - FortiAnalyzer 7.0: Migrate to a fixed version - FortiAnalyzer 6.4: Migrate to a fixed version - FortiAnalyzer 6.2: Migrate to a fixed version - FortiAnalyzer-BigData 7.4: Upgrade to 7.4.1 or later - FortiAnalyzer-BigData 7.2: Upgrade to 7.2.8 or later - FortiAnalyzer-BigData 7.0: Migrate to a fixed version - FortiAnalyzer-BigData 6.4: Migrate to a fixed version - FortiAnalyzer-BigData 6.2: Migrate to a fixed version - FortiManager 7.4: Upgrade to 7.4.3 or later - FortiManager 7.2: Upgrade to 7.2.6 or later - FortiManager 7.0: Migrate to a fixed version - FortiManager 6.4: Migrate to a fixed version - FortiManager 6.2: Migrate to a fixed version 10. Discovery and Reporting: Internally discovered and reported by Théo Leleu from the Fortinet Product Security team. 11. Initial Release Date: November 12, 2024 This information provides a detailed description of the vulnerability and remediation steps, helping users understand the scope of impact and how to fix the issue.

Goal Reached Thanks to every supporter — we hit 100%!

Fortinet FortiAnalyzer/Manager CLI Stack Buffer Overflow Vulnerability (CVE-2024-31496) Advisory