
CVE-2024-46667

Severity: High · Category: Denial of Service

Published: 14 January 2025
Modified: 16 July 2025
KEV Added: not listed (not in the CISA KEV catalog)
Patch: see the Fortinet PSIRT advisory FG-IR-24-164
CVSS v3.1 base score: 7.5 (High), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS score: 0.0064 (71.0th percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-46667 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Fortinet FortiSIEM. Its CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 29.0% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-Service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2024-46667 is an allocation of resources without limits or throttling weakness (CWE-770) in Fortinet FortiSIEM, affecting all 5.3 and 5.4 versions, all 6.x versions, all 7.0 versions, and 7.1.0 through 7.1.5. The flaw lets an attacker consume every connection in the allotted pool, so that legitimate TLS clients can no longer be served.

With a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), the vulnerability is exploitable over the network by an unauthenticated attacker, with low attack complexity and no user interaction. Confidentiality and integrity are unaffected (C:N/I:N); the impact is entirely on availability (A:H). Because no privileges are required (PR:N), the attacker needs no account on the system to trigger the condition, and valid TLS traffic stays blocked until the held connections are released.

Mitigation details are available in the Fortinet PSIRT advisory at https://fortiguard.fortinet.com/psirt/FG-IR-24-164.

Vulnerability details

An allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections.

CWE(s)

CWE-770 Allocation of Resources Without Limits or Throttling

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

This is a remotely reachable, unauthenticated resource-exhaustion flaw, so an adversary reaches it by exploiting the exposed service (T1190) and the effect is an application-level denial of service through system exploitation (T1499.004). The T1190 mapping holds to the extent the FortiSIEM TLS listener is reachable from untrusted networks; restricting that exposure reduces the attack surface but does not remove the weakness.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
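The T1499.004 impact shows up on the host as one or a few peers holding an outsized share of the listener's connections before the pool is fully drained. The following is an added example, not Fortinet tooling: it parses `ss -tan` output, counts active (ESTAB and SYN-RECV) peers per source address on the TLS port, and flags pool pressure and per-source hogging. The listener port (443), pool size (64) and per-source threshold (8) are placeholder assumptions, and the `ss` lines are constructed rather than captured from a real system.

```python
"""Spot connection hogging against a TLS listener from `ss -tan` output.
Added example, not FortiSIEM's own tooling. The listener port, pool size
and per-source limit are assumed placeholders; SAMPLE is constructed."""
from collections import Counter
import subprocess

LISTENER_PORT = 443          # assumed port of the TLS listener
POOL_SIZE = 64               # assumed size of the allotted connection pool
PER_SOURCE_MAX = 8           # assumed quota a single peer should never exceed
ACTIVE_STATES = {"ESTAB", "SYN-RECV"}   # half-open handshakes hold a slot too


def parse_ss(text, port=LISTENER_PORT):
    """Count active sockets per peer IP for the local `port`.

    Expects `ss -tan` lines: State Recv-Q Send-Q Local:Port Peer:Port.
    rsplit on the last ':' handles both 1.2.3.4:443 and [::1]:443 forms."""
    counts = Counter()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ACTIVE_STATES:
            continue                      # header, LISTEN, TIME-WAIT, etc.
        local, peer = fields[3], fields[4]
        _, local_port = local.rsplit(":", 1)
        if local_port != str(port):
            continue                      # some other service on this host
        peer_ip, _ = peer.rsplit(":", 1)
        counts[peer_ip.strip("[]")] += 1
    return counts


def assess(counts, pool_size=POOL_SIZE, per_source_max=PER_SOURCE_MAX, warn_at=0.8):
    """Summarise pool utilisation and list peers above the per-source quota."""
    total = sum(counts.values())
    hogs = [(ip, n) for ip, n in counts.most_common() if n > per_source_max]
    return {
        "total": total,
        "utilization": total / pool_size,
        "pool_pressure": total >= warn_at * pool_size,
        "hogs": hogs,
    }


def live_counts(port=LISTENER_PORT):
    """Collect real counts from the current host (not used by the demo below)."""
    out = subprocess.run(["ss", "-tan"], capture_output=True, text=True, check=True).stdout
    return parse_ss(out, port)


# Constructed sample: one address holding 60 connections, two legitimate
# peers (one still in handshake), an unrelated SSH session, and the listener.
SAMPLE = "State Recv-Q Send-Q Local Address:Port Peer Address:Port\n"
SAMPLE += "".join(f"ESTAB 0 0 10.0.0.5:443 198.51.100.7:{51000 + i}\n" for i in range(60))
SAMPLE += "ESTAB 0 0 10.0.0.5:443 192.0.2.10:40211\n"
SAMPLE += "SYN-RECV 0 0 10.0.0.5:443 192.0.2.11:40212\n"
SAMPLE += "ESTAB 0 0 10.0.0.5:22 203.0.113.4:50000\n"
SAMPLE += "LISTEN 0 128 0.0.0.0:443 0.0.0.0:*\n"

if __name__ == "__main__":
    report = assess(parse_ss(SAMPLE))
    print(report)   # total 62 of 64, pool_pressure True, hogs [('198.51.100.7', 60)]
```

Run `live_counts()` on the appliance with the real listener port and a pool size taken from the product configuration; the thresholds above are placeholders. A single hog is the easy case: a flood spread across many addresses keeps every peer under the quota, so the `pool_pressure` signal (total against pool size) is the one to alert on, and the per-peer list is what tells you whom to block.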

CVEs Like This One

CVE-2025-64155 (same product: Fortinet FortiSIEM)
CVE-2025-25256 (same product: Fortinet FortiSIEM)
CVE-2023-40723 (same product: Fortinet FortiSIEM)
CVE-2024-46668 (same vendor: Fortinet)
CVE-2019-17659 (same product: Fortinet FortiSIEM)
CVE-2024-36512 (same vendor: Fortinet)
CVE-2026-40395 (shared CWE-770)
CVE-2024-35276 (same vendor: Fortinet)
CVE-2025-24312 (shared CWE-770)
CVE-2025-24472 (same vendor: Fortinet)

Affected Assets

Vendor: Fortinet
Product: FortiSIEM
Versions (from the CPE configuration): 5.4.0 · 5.3.0 to 5.3.3 · 6.1.0 to 6.1.2 · 6.2.0 to 6.2.1

Note: this CPE-derived list is narrower than the range in the vulnerability description (all 5.3, 5.4, 6.x and 7.0 releases, and 7.1.0 through 7.1.5). Treat the description's range as authoritative when scoping scans and patching; a version match against the CPE list alone will miss affected later 6.x, 7.0 and 7.1 installs.

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SC-6 Resource Availability (prevent): requires mechanisms to protect system resources from unauthorized allocation and consumption, directly addressing the unlimited TLS connection allocation in FortiSIEM.

SC-5 Denial-of-Service Protection (prevent): mandates denial-of-service protections that limit the effects of resource exhaustion attacks such as connection flooding against the TLS listener.

AC-10 Concurrent Session Control (prevent): limits concurrent sessions or connections, mitigating exhaustion of the allotted TLS connections by enforcing per-source usage quotas.
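The exhaustion described under Deeper analysis and the quota-style controls listed above (SC-6, AC-10), as an added illustration that is not FortiSIEM or Fortinet code: a toy connection pool in Python first admits connections with no per-source cap (the CWE-770 behaviour), then the same pool with a per-source quota and an idle timeout. The pool size (64), quota (8), timeout (30 s) and the attacker and client addresses are constructed for the example; the product's real limits and how they are configured are not described on this page.

```python
"""Toy model of CWE-770 connection-pool exhaustion and of admission rules
that stop it. Added illustration only: not FortiSIEM code, and the pool
size, quota, timeout and addresses below are constructed for the example."""
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class Listener:
    """A TLS listener with a fixed pool of connection slots."""
    max_total: int                              # size of the allotted pool
    max_per_source: Optional[int] = None        # None = no quota (vulnerable)
    idle_timeout: Optional[float] = None        # None = idle connections live forever
    slots: Dict[int, Tuple[str, float]] = field(default_factory=dict)  # id -> (source, last_active)
    next_id: int = 0

    def _evict_idle(self, now: float) -> None:
        """Free slots whose connection has been idle longer than the timeout."""
        if self.idle_timeout is None:
            return
        stale = [cid for cid, (_, t) in self.slots.items() if now - t > self.idle_timeout]
        for cid in stale:
            del self.slots[cid]

    def accept(self, source: str, now: float) -> Optional[int]:
        """Admit a connection from `source`; return its id, or None if refused."""
        self._evict_idle(now)
        if self.max_per_source is not None:
            held = Counter(src for src, _ in self.slots.values())[source]
            if held >= self.max_per_source:
                return None        # AC-10 style quota: this source gets no more slots
        if len(self.slots) >= self.max_total:
            return None            # pool exhausted: this is the denial of service
        cid = self.next_id
        self.next_id += 1
        self.slots[cid] = (source, now)
        return cid


def flood(listener: Listener, attacker: str, attempts: int, now: float) -> int:
    """Attacker opens as many connections as it can and never uses them."""
    return sum(1 for _ in range(attempts) if listener.accept(attacker, now) is not None)


def scenario(max_per_source=None, idle_timeout=None, legit_at=1.0):
    """Flood a 64-slot listener from one address at t=0, then have a
    legitimate client connect at t=legit_at.
    Returns (slots the attacker obtained, whether the legitimate client got in)."""
    listener = Listener(max_total=64, max_per_source=max_per_source, idle_timeout=idle_timeout)
    taken = flood(listener, "198.51.100.7", attempts=1000, now=0.0)    # constructed attacker address
    admitted = listener.accept("192.0.2.10", now=legit_at) is not None  # constructed client address
    return taken, admitted


if __name__ == "__main__":
    print("no limits       :", scenario())                                  # (64, False)
    print("per-source quota:", scenario(max_per_source=8))                  # (8, True)
    print("idle timeout    :", scenario(idle_timeout=30.0, legit_at=60.0))  # (64, True)
```

Two things the model makes visible. A per-source quota defeats a single attacking address but not a flood spread over many addresses, each staying under the quota; that is why SC-5 treats the pool as a whole and not only per peer. An idle timeout without a quota only bounds the outage to the idle window (the same scenario with `legit_at=10.0` still refuses the client), so the two belong together, and neither replaces the vendor fix in the PSIRT advisory.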

References

Fortinet PSIRT advisory FG-IR-24-164: https://fortiguard.fortinet.com/psirt/FG-IR-24-164