CVE-2024-47575

Summary

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiManager7.6.0affected
FortinetFortiManager7.4.0 <= 7.4.4affected
FortinetFortiManager7.2.0 <= 7.2.7affected
FortinetFortiManager7.0.0 <= 7.0.12affected
FortinetFortiManager6.4.0 <= 6.4.14affected
FortinetFortiManager6.2.0 <= 6.2.12affected

Weaknesses

  • CWE-306: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References