CVE-2024-46669: 
FortiOS vulnerability analysis and mitigation

An Integer Overflow or Wraparound vulnerability (CWE-190) was discovered in FortiOS and FortiSASE FortiOS tenant IPsec IKE service. The vulnerability, identified as CVE-2024-46669, was initially disclosed on January 14, 2025. It affects FortiOS versions 7.4.0 through 7.4.4, version 7.2 all versions, and FortiSASE version 23.4.b (Fortinet Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 3.5 LOW with a vector string of CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L. The issue stems from an Integer Overflow or Wraparound condition in the IPsec IKE service component. The vulnerability requires authentication and can be exploited through crafted requests sent to the affected service (Fortinet Advisory).

When successfully exploited, this vulnerability allows an authenticated attacker to crash the IPsec tunnel, resulting in a potential denial of service condition. The impact is limited to the availability of the IPsec service, with no direct effect on confidentiality or integrity (NVD).

Fortinet has released patches to address this vulnerability. Users of FortiOS 7.4 should upgrade to version 7.4.5 or above. Users of FortiOS 7.2 should migrate to a fixed release. FortiOS versions 7.6, 7.0, and 6.4 are not affected. For FortiSASE, the issue has been remediated in version 24.4.a. Additionally, a Virtual Patch named 'FG-VD-10006838.0day' is available in FMWP db update 24.090 (Fortinet Advisory).