CVE-2024-50571

Published: Oct 14, 2025Modified: Jan 27, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: psirt@fortinet.com (Secondary)

Description

A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all versions, FortiAnalyzer 6.2 all versions, FortiAnalyzer 6.0 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.5, FortiAnalyzer Cloud 7.2.1 through 7.2.9, FortiAnalyzer Cloud 7.0.1 through 7.0.13, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.0 through 7.2.9, FortiManager 7.0.0 through 7.0.13, FortiManager 6.4 all versions, FortiManager 6.2 all versions, FortiManager 6.0 all versions, FortiManager Cloud 7.6.2, FortiManager Cloud 7.4.1 through 7.4.5, FortiManager Cloud 7.2.1 through 7.2.9, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4 all versions, FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiProxy 7.2.0 through 7.2.12, FortiProxy 7.0.0 through 7.0.19, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions allows attacker to execute unauthorized code or commands via specifically crafted requests.

Affected (24)

Products: Fortinet: Fortianalyzer, Fortianalyzer Cloud, Fortimanager, Fortimanager Cloud, Fortios, Fortiproxy

6 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortianalyzer	From 7.0.0 to 7.0.14
Fortinet Fortianalyzer	From 7.2.0 to 7.2.10
Fortinet Fortianalyzer	From 7.4.0 to 7.4.6
Fortinet Fortianalyzer	From 7.6.0 to 7.6.3

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortianalyzer Cloud	From 6.4.1 to 7.0.14
Fortinet Fortianalyzer Cloud	From 7.2.1 to 7.2.10
Fortinet Fortianalyzer Cloud	From 7.4.1 to 7.4.6

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortimanager	From 6.0.0 to 7.0.14
Fortinet Fortimanager	From 7.2.0 to 7.2.10
Fortinet Fortimanager	From 7.4.0 to 7.4.6
Fortinet Fortimanager	From 7.6.0 to 7.6.2

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortimanager Cloud	From 6.4.1 to 7.0.14
Fortinet Fortimanager Cloud	From 7.2.1 to 7.2.10
Fortinet Fortimanager Cloud	From 7.4.1 to 7.4.6
Fortinet Fortimanager Cloud	Version 7.6.2

Configuration E

5 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortios	From 6.2.0 to 6.4.16
Fortinet Fortios	From 7.0.0 to 7.0.17
Fortinet Fortios	From 7.2.0 to 7.2.11
Fortinet Fortios	From 7.4.0 to 7.4.7
Fortinet Fortios	From 7.6.0 to 7.6.3

Configuration F

4 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiproxy	From 1.0.0 to 7.0.20
Fortinet Fortiproxy	From 7.2.0 to 7.2.13
Fortinet Fortiproxy	From 7.4.0 to 7.4.8
Fortinet Fortiproxy	Version 7.6.0

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-442

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.