Integer Overflow in ipsec ike

Summary

An Integer Overflow or Wraparound vulnerability [CWE-190] in the IPsec IKEv1 service of FortiOS, and of the FortiOS tenant in FortiSASE, may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in a potential denial of service.

Version        Affected                  Solution
FortiOS 7.6    Not affected              Not Applicable
FortiOS 7.4    7.4.0 through 7.4.4       Upgrade to 7.4.5 or above
FortiOS 7.2    7.2 through 7.2.11        Upgrade to 7.2.12 or above
FortiOS 7.0    Not affected              Not Applicable
FortiOS 6.4    Not affected              Not Applicable
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

Fortinet remediated this issue in FortiSASE version 24.4.a in Q4/24; FortiSASE customers therefore need not take any action.

A virtual patch named "FG-VD-10006838.0day." is available in FMWP database update 24.090.

Workaround:
Configure the IPsec VPN tunnel to use IKEv2 instead of IKEv1.
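The following script is an added example, not Fortinet's code and not part of this advisory. It takes a FortiOS configuration backup, reads the firmware version from the #config-version header FortiOS writes at the top of a backup, decides from the version table above whether the build is in an affected range, and lists every phase1-interface tunnel that still negotiates with IKEv1 (tunnels with no explicit "set ike-version" default to IKEv1 on FortiOS). It then emits the CLI that applies the workaround to those tunnels. The configuration text, tunnel names, addresses and build string are constructed sample input.

```python
import re

# Constructed sample of a FortiOS configuration backup (not a real device's config).
# "to-branch-a" omits ike-version (FortiOS defaults to IKEv1), "to-branch-b" sets
# IKEv1 explicitly, "to-dc" has already been moved to IKEv2 as the workaround asks.
SAMPLE_CONFIG = """\
#config-version=FG100F-7.4.3-FW-build2573-240201:opmode=0:vdom=0:user=admin
config vpn ipsec phase1-interface
    edit "to-branch-a"
        set interface "wan1"
        set peertype any
        set proposal aes256-sha256
        set remote-gw 203.0.113.10
        set psksecret ENC XXXX
    next
    edit "to-branch-b"
        set interface "wan1"
        set ike-version 1
        set remote-gw 203.0.113.20
        config ipv4-exclude-range
            edit 1
                set start-ip 10.0.0.1
                set end-ip 10.0.0.9
            next
        end
        set psksecret ENC XXXX
    next
    edit "to-dc"
        set interface "wan1"
        set ike-version 2
        set remote-gw 198.51.100.5
        set psksecret ENC XXXX
    next
end
"""

# Affected ranges (inclusive) taken from the advisory's version table.
AFFECTED = {
    (7, 4): ((7, 4, 0), (7, 4, 4)),
    (7, 2): ((7, 2, 0), (7, 2, 11)),
}

def parse_version(config_text):
    """Pull the firmware version (major, minor, patch) out of the #config-version header."""
    m = re.search(r"^#config-version=\S+?-(\d+)\.(\d+)\.(\d+)-", config_text, re.M)
    return tuple(int(x) for x in m.groups()) if m else None

def is_affected(version):
    """True when the version falls inside one of the advisory's affected ranges."""
    if version is None:
        return False
    rng = AFFECTED.get(version[:2])
    return rng is not None and rng[0] <= version <= rng[1]

def parse_phase1(config_text):
    """Return {tunnel_name: ike_version} for every phase1-interface entry.
    Entries with no 'set ike-version' are reported as 1, the FortiOS default.
    Nested 'config ... end' tables inside an entry are skipped by depth tracking."""
    tunnels, current, in_section, depth = {}, None, False, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config vpn ipsec phase1-interface":
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("config "):      # nested table inside an entry
            depth += 1
        elif line == "end":
            if depth == 0:
                break                       # end of the phase1-interface table
            depth -= 1
        elif depth == 0:
            m = re.match(r'edit "([^"]+)"', line)
            if m:
                current = m.group(1)
                tunnels[current] = 1        # default until a set ike-version is seen
            elif line == "next":
                current = None
            else:
                m = re.match(r"set ike-version (\d+)$", line)
                if m and current is not None:
                    tunnels[current] = int(m.group(1))
    return tunnels

def ikev1_tunnels(config_text):
    """Names of tunnels that still negotiate with IKEv1."""
    return sorted(n for n, v in parse_phase1(config_text).items() if v == 1)

def remediation_cli(tunnel_names):
    """FortiOS CLI that applies the advisory's workaround to the given tunnels."""
    lines = ["config vpn ipsec phase1-interface"]
    for name in tunnel_names:
        lines += [f'    edit "{name}"', "        set ike-version 2", "    next"]
    lines.append("end")
    return "\n".join(lines)

def report(config_text):
    """Summarise exposure: firmware version, whether it is affected, IKEv1 tunnels."""
    version = parse_version(config_text)
    return {"version": version,
            "affected": is_affected(version),
            "ikev1_tunnels": ikev1_tunnels(config_text)}

if __name__ == "__main__":
    r = report(SAMPLE_CONFIG)
    print(r)
    if r["affected"] and r["ikev1_tunnels"]:
        print(remediation_cli(r["ikev1_tunnels"]))
```

Switching a tunnel to IKEv2 only works if the remote peer is also configured for IKEv2; change both ends together, and verify with "show vpn ipsec phase1-interface" on the FortiGate that every tunnel now carries "set ike-version 2". Peers that can only speak IKEv1 are not covered by the workaround and need the fixed firmware.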

Acknowledgement

Fortinet is pleased to thank Vang3lis and N3vv from VARAS@IIE for reporting this vulnerability under responsible disclosure.

Timeline

2025-01-14: Initial publication
2025-01-15: Added IPS package info
2025-04-11: Added Workaround
2025-05-07: Added FortiOS 7.2 fix indication