9.8
CVE-2024-47575
- EPSS 93.93%
- Veröffentlicht 23.10.2024 15:15:30
- Zuletzt bearbeitet 24.10.2025 12:54:32
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
LoginA missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortimanager Version >= 6.2.0 < 6.2.13
Fortinet ≫ Fortimanager Version >= 6.4.0 < 6.4.15
Fortinet ≫ Fortimanager Version >= 7.0.0 < 7.0.13
Fortinet ≫ Fortimanager Version >= 7.2.0 < 7.2.8
Fortinet ≫ Fortimanager Version >= 7.4.0 < 7.4.5
Fortinet ≫ Fortimanager Version7.6.0
Fortinet ≫ Fortimanager Cloud Version >= 6.4.1 <= 6.4.7
Fortinet ≫ Fortimanager Cloud Version >= 7.0.1 < 7.0.13
Fortinet ≫ Fortimanager Cloud Version >= 7.2.1 < 7.2.8
Fortinet ≫ Fortimanager Cloud Version >= 7.4.1 < 7.4.5
23.10.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Fortinet FortiManager Missing Authentication Vulnerability
SchwachstelleFortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
BeschreibungApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.93% | 0.999 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@fortinet.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.