CVE-2024-50565 | THREATINT

Description

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device

PUBLISHED Reserved 2024-10-24 | Published 2025-04-08 | Updated 2025-04-08 | Assigner fortinet

LOW: 3.0CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

Problem types

Improper access control

Product status

Default status

unaffected

7.4.0 (semver)

affected

7.2.0 (semver)

affected

7.0.0 (semver)

affected

6.4.0 (semver)

affected

6.2.0 (semver)

affected

Default status

unaffected

7.0.0 (semver)

affected

6.4.0 (semver)

affected

6.0.0 (semver)

affected

Default status

unaffected

7.4.0 (semver)

affected

7.2.0 (semver)

affected

7.0.0 (semver)

affected

Default status

unaffected

7.4.0 (semver)

affected

7.2.0 (semver)

affected

7.0.0 (semver)

affected

6.4.0 (semver)

affected

6.2.0 (semver)

affected

References

fortiguard.fortinet.com/psirt/FG-IR-24-046

cve.org (CVE-2024-50565)

nvd.nist.gov (CVE-2024-50565)

Download JSON