CVE-2024-46667 – This vulnerability in Fortinet FortiSIEM allows... (How to Fix)

Q: What is the severity of CVE-2024-46667?

CVE-2024-46667 has a CVSS score of 7.5 (HIGH). This vulnerability in Fortinet FortiSIEM allows attackers to cause denial of service by consuming all available TLS connections through resource allocation without limits. It affects all versions of FortiSIEM 5.3, 5.4, 6.x, 7.0, and versions 7.1.0 through 7.1.5. Organizations using these vulnerable versions are at risk of service disruption.

📋 TL;DR

This vulnerability in Fortinet FortiSIEM allows attackers to cause denial of service by consuming all available TLS connections through resource allocation without limits. It affects all versions of FortiSIEM 5.3, 5.4, 6.x, 7.0, and versions 7.1.0 through 7.1.5. Organizations using these vulnerable versions are at risk of service disruption.

💻 Affected Systems

Products:

Fortinet FortiSIEM

Versions: 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, 7.1.0 through 7.1.5

Operating Systems: FortiSIEM appliance OS

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments with affected versions are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service for FortiSIEM, preventing security monitoring and alerting capabilities across the organization.

🟠

Likely Case

Intermittent service degradation or complete outage of FortiSIEM security monitoring functions.

🟢

If Mitigated

Minimal impact with proper network segmentation and connection rate limiting in place.

🌐 Internet-Facing: HIGH - FortiSIEM interfaces exposed to the internet can be directly targeted for DoS attacks.

🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit this to disrupt security monitoring.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires network access to FortiSIEM TLS endpoints but no authentication. Attackers need to establish and maintain numerous TLS connections.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiSIEM 7.1.6 and later

Vendor Advisory: https://fortiguard.fortinet.com/psirt/FG-IR-24-164

Restart Required: No

Instructions:

1. Download FortiSIEM 7.1.6 or later from Fortinet support portal. 2. Follow Fortinet's upgrade documentation for your deployment type. 3. Apply the update during maintenance window. 4. Verify successful upgrade.

🔧 Temporary Workarounds

Network segmentation and access control

all

Restrict network access to FortiSIEM TLS endpoints to trusted sources only.

Connection rate limiting

all

Implement network-level connection rate limiting using firewalls or load balancers.

🧯 If You Can't Patch

Implement strict network segmentation to limit access to FortiSIEM interfaces
Deploy network-based DDoS protection and connection rate limiting

🔍 How to Verify

Check if Vulnerable:

Check FortiSIEM version via web interface (System > About) or CLI command 'show version'

Check Version:

show version

Verify Fix Applied:

Verify version is 7.1.6 or later after patching and monitor for TLS connection exhaustion

📡 Detection & Monitoring

Log Indicators:

Unusually high TLS connection counts
Connection timeout errors
Resource exhaustion warnings

Network Indicators:

Spike in TLS handshake attempts to FortiSIEM ports
Multiple connections from single sources

SIEM Query:

source="fortisiem" AND ("connection limit" OR "resource exhausted" OR "TLS handshake failed")

📊 Metadata

CVE ID: CVE-2024-46667

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-770

EPSS Score: 0.24% exploit probability (47th percentile)

Published: January 14, 2025

Last Updated: July 16, 2025

🔗 References

https://fortiguard.fortinet.com/psirt/FG-IR-24-164 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-46667, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

Fortisiem by Fortinet

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network segmentation and access control

Connection rate limiting

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities