Home Fortinet CVE-2024-50571
Back to Fortinet

CVE-2024-50571

FortiAnalyzer - FortiAnalyzer Core

Fortinet CVSS 7.2 Updated March 16, 2026

Executive Risk Summary

"A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer allows an attacker to execute unauthorized code or commands via specifically crafted requests, potentially leading to system compromise. Affected versions include FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, and others."

Operational Audit Arsenal

Target Type Firmware Image
Target Asset FortiAnalyzer Firmware
Standard Path Global Firmware

Manual Verification Required

This is a non-Windows asset (Fortinet). Use the target asset details above to verify your version against vendor advisories.

Patch Impact Forecast

Reboot Required Likely

Moderate

Internal Work Notes

FortiAnalyzer heap-based buffer overflow vulnerability - apply patch from Fortinet to prevent unauthorized code execution

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://fortiguard.fortinet.com/psirt/FG-IR-24-442

Scope of Impact

Fortinet FortimanagerFortinet Fortimanager Cloud (Version 7.6.2)Fortinet FortianalyzerFortinet FortiosFortinet Fortimanager CloudFortinet FortiproxyFortinet Fortiproxy (Version 7.6.0)Fortinet Fortianalyzer Cloud

Original NVD Description

"A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all versions, FortiAnalyzer 6.2 all versions, FortiAnalyzer 6.0 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.5, FortiAnalyzer Cloud 7.2.1 through 7.2.9, FortiAnalyzer Cloud 7.0.1 through 7.0.13, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.0 through 7.2.9, FortiManager 7.0.0 through 7.0.13, FortiManager 6.4 all versions, FortiManager 6.2 all versions, FortiManager 6.0 all versions, FortiManager Cloud 7.6.2, FortiManager Cloud 7.4.1 through 7.4.5, FortiManager Cloud 7.2.1 through 7.2.9, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4 all versions, FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiProxy 7.2.0 through 7.2.12, FortiProxy 7.0.0 through 7.0.19, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions allows attacker to execute unauthorized code or commands via specifically crafted requests."

Related Fortinet Threats

CVE-2024-23108 CVSS 10

FortiGate - API
CVE-2024-23109 CVSS 10

FortiGate - API
CVE-2023-34992 CVSS 10

FortiGate - API
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.