CVE-2024-35279

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Feb 11, 2025

CWE ID 121

Summary

CVE-2024-35279 is a stack-based buffer overflow vulnerability affecting Fortinet FortiOS versions 7.2.4 to 7.2.8 and 7.4.0 to 7.4.4. This issue permits a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted UDP packets. The vulnerability (CWE-121) is found in the CAPWAP control and can only be exploited if the attacker manages to bypass FortiOS stack protections and if the fabric service is enabled on the exposed interface.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

FortiOS

Affected Vendors

Fortinet

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/v7zcTB
https://www.cve.org/CVERecord?id=CVE-2024-35279
https://nvd.nist.gov/vuln/detail/CVE-2024-35279

Back to Vulnerability Database