Description

A missing authentication for critical function vulnerability in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, and FortiManager Cloud 6.4.1 through 6.4.7 allows an attacker to execute arbitrary code or commands via specially crafted requests.

PUBLISHED Reserved 2024-09-27 | Published 2024-10-23 | Updated 2025-10-21 | Assigner fortinet




CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C

CISA Known Exploited Vulnerability

Date added 2024-10-23 | Due date 2024-11-13

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Problem types

Execute unauthorized code or commands

Product status

Default status: unaffected

Version | Status
7.6.0 | affected
7.4.0 (semver) | affected
7.2.0 (semver) | affected
7.0.0 (semver) | affected
6.4.0 (semver) | affected
6.2.0 (semver) | affected

References

fortiguard.fortinet.com/psirt/FG-IR-24-423

cve.org (CVE-2024-47575)

nvd.nist.gov (CVE-2024-47575)
