CVE-2024-47575

Published: Oct 23, 2024Modified: Oct 24, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.

Affected (10)

Products: Fortinet: Fortimanager, Fortimanager Cloud

Fortinet

2 products

Fortimanager

Fortimanager Cloud

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortimanager	From 6.2.0 to 6.2.13
Fortinet Fortimanager	From 6.4.0 to 6.4.15
Fortinet Fortimanager	From 7.0.0 to 7.0.13
Fortinet Fortimanager	From 7.2.0 to 7.2.8
Fortinet Fortimanager	From 7.4.0 to 7.4.5
Fortinet Fortimanager	Version 7.6.0
Fortinet Fortimanager Cloud	From 6.4.1 to 6.4.7
Fortinet Fortimanager Cloud	From 7.0.1 to 7.0.13
Fortinet Fortimanager Cloud	From 7.2.1 to 7.2.8
Fortinet Fortimanager Cloud	From 7.4.1 to 7.4.5

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://fortiguard.fortinet.com/psirt/FG-IR-24-423

Source: psirt@fortinet.com

ExploitMitigationVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.