← Volver a CVEs
CVE-2024-47575
CRITICALCISA KEV9.8
Descripcion
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado10/23/2024
Ultima modificacion10/24/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorFortinet
ProductoFortiManager
Nombre vulnerabilidadFortinet FortiManager Missing Authentication Vulnerability
Fecha inclusion KEV2024-10-23
Fecha limite remediacion2024-11-13
Uso en ransomwareUnknown
Productos afectados
fortinet:fortimanagerfortinet:fortimanager_cloud
Debilidades (CWE)
CWE-306
Referencias
https://fortiguard.fortinet.com/psirt/FG-IR-24-423(psirt@fortinet.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.