CVE-2024-26015
LOWDescription
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| fortinet | fortiproxy |
| fortinet | fortios |
| fortinet | fortios |
| fortinet | fortios |
References
Frequently Asked Questions
What is CVE-2024-26015? +
How severe is CVE-2024-26015? +
What products are affected by CVE-2024-26015? +
How do I check if I'm vulnerable to CVE-2024-26015? +
Related Vulnerabilities
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in …
In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work …
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to …
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to …
A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to …
A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and …