9.8
CVE-2024-48886
- EPSS 0.13%
- Veröffentlicht 14.01.2025 14:15:33
- Zuletzt bearbeitet 03.02.2025 22:16:04
- Quelle psirt@fortinet.com
- Teams Watchlist Login
- Unerledigt Login
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortianalyzer Version >= 7.4.1 < 7.4.4
Fortinet ≫ Fortianalyzer Version >= 7.6.0 < 7.6.2
Fortinet ≫ Fortianalyzer Cloud Version >= 7.4.1 < 7.4.4
Fortinet ≫ Fortimanager Version >= 7.4.1 < 7.4.4
Fortinet ≫ Fortimanager Version >= 7.6.0 < 7.6.2
Fortinet ≫ Fortimanager Cloud Version >= 7.4.1 < 7.4.4
Fortinet ≫ Fortiproxy Version >= 2.0.0 < 2.0.15
Fortinet ≫ Fortiproxy Version >= 7.0.0 < 7.0.18
Fortinet ≫ Fortiproxy Version >= 7.2.0 < 7.2.11
Fortinet ≫ Fortiproxy Version >= 7.4.0 < 7.4.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.325 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@fortinet.com | 9 | 2.2 | 6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-1390 Weak Authentication
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.