9.8
CVE-2024-47575
- EPSS 91.38%
- Veröffentlicht 23.10.2024 15:15:30
- Zuletzt bearbeitet 08.11.2024 21:16:28
- Quelle psirt@fortinet.com
- Teams Watchlist Login
- Unerledigt Login
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortimanager Version >= 6.2.0 < 6.2.13
Fortinet ≫ Fortimanager Version >= 6.4.0 < 6.4.15
Fortinet ≫ Fortimanager Version >= 7.0.0 < 7.0.13
Fortinet ≫ Fortimanager Version >= 7.2.0 < 7.2.8
Fortinet ≫ Fortimanager Version >= 7.4.0 < 7.4.5
Fortinet ≫ Fortimanager Version7.6.0
Fortinet ≫ Fortimanager Cloud Version >= 6.4.1 <= 6.4.7
Fortinet ≫ Fortimanager Cloud Version >= 7.0.1 < 7.0.13
Fortinet ≫ Fortimanager Cloud Version >= 7.2.1 < 7.2.8
Fortinet ≫ Fortimanager Cloud Version >= 7.4.1 < 7.4.5
23.10.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Fortinet FortiManager Missing Authentication Vulnerability
SchwachstelleFortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
BeschreibungApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 91.38% | 0.996 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@fortinet.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.