9.8
CVE-2024-48886
- EPSS 0.13%
- Published 14.01.2025 14:15:33
- Last modified 03.02.2025 22:16:04
- Source psirt@fortinet.com
- Teams watchlist Login
- Open Login
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.
Data is provided by the National Vulnerability Database (NVD)
Fortinet ≫ Fortianalyzer Version >= 7.4.1 < 7.4.4
Fortinet ≫ Fortianalyzer Version >= 7.6.0 < 7.6.2
Fortinet ≫ Fortianalyzer Cloud Version >= 7.4.1 < 7.4.4
Fortinet ≫ Fortimanager Version >= 7.4.1 < 7.4.4
Fortinet ≫ Fortimanager Version >= 7.6.0 < 7.6.2
Fortinet ≫ Fortimanager Cloud Version >= 7.4.1 < 7.4.4
Fortinet ≫ Fortiproxy Version >= 2.0.0 < 2.0.15
Fortinet ≫ Fortiproxy Version >= 7.0.0 < 7.0.18
Fortinet ≫ Fortiproxy Version >= 7.2.0 < 7.2.11
Fortinet ≫ Fortiproxy Version >= 7.4.0 < 7.4.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.325 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@fortinet.com | 9 | 2.2 | 6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-1390 Weak Authentication
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.