CVE CVE

CVE-2024-47575

CISA Known Exploited Vulnerability (KEV)

Fortinet FortiManager Missing Authentication Vulnerability

October 23, 2024

November 13, 2024

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.

Weakness Enumeration

CWE-ID CWE Name

CWE-306
Missing Authentication for Critical Function

Known Affected Software Configurations


cpe:2.3:a:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.6.11:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:-:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.6.10:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.6.9:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.4.7:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.2.1:*:*:*:virtual_machine:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.6.8:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.6.7:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.6.6:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.6.5:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.6.4:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.6.3:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.6.2:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.6.1:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.6.0:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.4.6:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.4.5:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.4.4:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.4.3:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.4.2:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.4.1:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.4.0:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.2.10:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.2.9:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.2.7:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.2.6:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.2.4:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.2.3:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.2.2:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.0.12:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:fortinet:fortimanager:5.0.4:*:*:*:*:*:*:*

Details

Source:
NVD
Published:
Updated:

Risk information

CVSS v3

Base score:
9.8
Severity:

CRITICAL

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined