Allocation of Resources Without Limits or Throttling in FortiOS - CVE-2024-46668
Published: April 10, 2025
Vulnerability identifier: #VU107371
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-46668
CWE-ID: CWE-770
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Fortinet, Inc
Affected software:
FortiOS
FortiOS
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to allocation of resources without limits or throttling. An unauthenticated remote user can consume all system memory via multiple large file uploads.
How to mitigate CVE-2024-46668
Install update from vendor's website.