CVE-2024-50563

Summary

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiAnalyzer7.6.0 <= 7.6.1affected
FortinetFortiAnalyzer7.4.1 <= 7.4.3affected
FortinetFortiManager7.6.0 <= 7.6.1affected
FortinetFortiManager7.4.1 <= 7.4.3affected

Weaknesses

  • CWE-1390: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References