CVE-2024-46667
Published: 14 January 2025
Summary
CVE-2024-46667 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Fortinet FortiSIEM. Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 29.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SC-6 requires mechanisms to protect system resources from unauthorized allocation and consumption, directly addressing the unlimited TLS connection allocation in FortiSIEM.
SC-5 mandates denial-of-service protections that limit the effects of resource exhaustion attacks like connection flooding targeting TLS traffic.
AC-10 limits concurrent sessions or connections, mitigating exhaustion of allotted TLS connections by enforcing usage quotas.
NVD Description
An allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections.
Deeper analysis
CVE-2024-46667 is a vulnerability involving allocation of resources without limits or throttling, classified under CWE-770, affecting Fortinet FortiSIEM in all versions of 5.3 and 5.4, all 6.x versions, all 7.0 versions, and 7.1.0 through 7.1.5. The issue enables an attacker to consume all allotted connections, resulting in the denial of valid TLS traffic.
With a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), the vulnerability can be exploited remotely by an unauthenticated attacker with low attack complexity and no user interaction. Exploitation leads to a denial-of-service condition: the attacker exhausts the available connections and blocks legitimate TLS traffic.
Mitigation details are available in the Fortinet PSIRT advisory at https://fortiguard.fortinet.com/psirt/FG-IR-24-164.
Details
- CWE(s)