{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26015", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-02-14T09:18:43.246Z", "datePublished": "2024-07-09T15:33:30.260Z", "dateUpdated": "2024-08-01T23:59:31.104Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiProxy", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.3", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.10", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.18", "status": "affected"}]}, {"vendor": "Fortinet", "product": "FortiOS", "defaultStatus": "unaffected", "versions": [{"versionType": "semver", "version": "7.4.0", "lessThanOrEqual": "7.4.3", "status": "affected"}, {"versionType": "semver", "version": "7.2.0", "lessThanOrEqual": "7.2.8", "status": "affected"}, {"versionType": "semver", "version": "7.0.0", "lessThanOrEqual": "7.0.15", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests."}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-07-09T15:33:30.260Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1389", "description": "Improper access control", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:F/RL:W/RC:R"}}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiProxy version 7.4.4 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.4 or above \n"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-446", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-446"}]}, "adp": [{"affected": [{"vendor": "fortinet", "product": "fortiproxy", "cpes": ["cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.0.0", "status": "affected", "lessThan": "7.1.0", "versionType": "semver"}, {"version": "7.2.0", "status": "affected", "lessThan": "7.3.0", "versionType": "semver"}, {"version": "7.4.0", "status": "affected", "lessThanOrEqual": "7.4.3", "versionType": "semver"}]}, {"vendor": "fortinet", "product": "fortios", "cpes": ["cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.0.0", "status": "affected", "lessThan": "7.1.0", "versionType": "custom"}, {"version": "7.2.0", "status": "affected", "lessThan": "7.3.0", "versionType": "custom"}, {"version": "7.4.0", "status": "affected", "lessThanOrEqual": "7.4.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-09T16:00:34.064801Z", "id": "CVE-2024-26015", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T16:05:01.819Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:59:31.104Z"}, "title": "CVE Program Container", "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-446", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-446", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26015", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-09T16:00:34.064801Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortiproxy", "versions": [{"status": "affected", "version": "7.0.0", "lessThan": "7.1.0", "versionType": "semver"}, {"status": "affected", "version": "7.2.0", "lessThan": "7.3.0", "versionType": "semver"}, {"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.3"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*"], "vendor": "fortinet", "product": "fortios", "versions": [{"status": "affected", "version": "7.0.0", "lessThan": "7.1.0", "versionType": "custom"}, {"status": "affected", "version": "7.2.0", "lessThan": "7.3.0", "versionType": "custom"}, {"status": "affected", "version": "7.4.0", "versionType": "custom", "lessThanOrEqual": "7.4.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-09T16:03:16.872Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N/E:F/RL:W/RC:R", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Fortinet", "product": "FortiProxy", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.3"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.10"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.18"}], "defaultStatus": "unaffected"}, {"vendor": "Fortinet", "product": "FortiOS", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "semver", "lessThanOrEqual": "7.4.3"}, {"status": "affected", "version": "7.2.0", "versionType": "semver", "lessThanOrEqual": "7.2.8"}, {"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.0.15"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Please upgrade to FortiProxy version 7.4.4 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.4 or above \n"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-446", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-446"}], "descriptions": [{"lang": "en", "value": "An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1389", "description": "Improper access control"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2024-07-09T15:33:30.260Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26015", "state": "PUBLISHED", "dateUpdated": "2024-07-09T16:05:01.819Z", "dateReserved": "2024-02-14T09:18:43.246Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2024-07-09T15:33:30.260Z", "assignerShortName": "fortinet"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "matchCriteriaId": "662CC1BD-BA5A-4765-9D74-A887690F726F", "versionEndIncluding": "7.4.3", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "F75019A7-F58D-4863-AE73-B63E38C8D880", "versionEndIncluding": "7.0.15", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F669948-010A-4105-9E63-0D47CA92CA10", "versionEndIncluding": "7.2.8", "versionStartIncluding": "7.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "matchCriteriaId": "D89D2813-5224-4658-97B8-56CBD3E49ED6", "versionEndIncluding": "7.4.3", "versionStartIncluding": "7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests."}, {"lang": "es", "value": "Un an\u00e1lisis incorrecto de n\u00fameros con vulnerabilidad de diferentes ra\u00edces [CWE-1389] en FortiProxy versi\u00f3n 7.4.3 e inferior, versi\u00f3n 7.2.10 e inferior, versi\u00f3n 7.0.17 e inferior y FortiOS versi\u00f3n 7.4.3 e inferior, versi\u00f3n 7.2.8 y A continuaci\u00f3n, la versi\u00f3n 7.0.15 y anteriores, la funci\u00f3n de validaci\u00f3n de direcci\u00f3n IP puede permitir que un atacante no autenticado omita la lista de bloqueo de IP mediante solicitudes manipuladas."}], "id": "CVE-2024-26015", "lastModified": "2024-11-21T09:01:45.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-09T16:15:04.810", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-446"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-446"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1389"}], "source": "psirt@fortinet.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-704"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}