Stack buffer overflow in fabric service Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-24-160 Final 1 1 2025-02-11T00:00:00 Current version 2025-02-11T00:00:00 2025-02-11T00:00:00 A stack-based buffer overflow [CWE-121] vulnerability in FortiOS CAPWAP control may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface. None Execute unauthorized code or commands None Internally reported and discovered by Stephen J. Bevan of FortiOS development team. FortiOS 7.4.4 FortiOS 7.4.3 FortiOS 7.4.2 FortiOS 7.4.1 FortiOS 7.4.0 FortiOS 7.2.8 FortiOS 7.2.7 FortiOS 7.2.6 FortiOS 7.2.5 FortiOS 7.2.4 CVE-2024-35279 FortiOS-7.4.4 FortiOS-7.4.3 FortiOS-7.4.2 FortiOS-7.4.1 FortiOS-7.4.0 FortiOS-7.2.8 FortiOS-7.2.7 FortiOS-7.2.6 FortiOS-7.2.5 FortiOS-7.2.4 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-24-160 Stack buffer overflow in fabric service Reference>