#VU107371 Allocation of Resources Without Limits or Throttling in FortiOS - CVE-2024-46668
Published: April 10, 2025
Vulnerability identifier: #VU107371
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-46668
CWE-ID: CWE-770
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
FortiOS
FortiOS
Software vendor:
Fortinet, Inc
Fortinet, Inc
Description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to allocation of resources without limits or throttling. An unauthenticated remote user can consume all system memory via multiple large file uploads.
Remediation
Install update from vendor's website.