CVE-2024-47575

{"id": "CVE-2024-47575", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-10-23T15:15:30.707", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575", "tags": ["US Government Resource"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."}, {"lang": "es", "value": "Una autenticaci\u00f3n faltante para una funci\u00f3n cr\u00edtica en FortiManager 7.6.0, FortiManager 7.4.0 a 7.4.4, FortiManager 7.2.0 a 7.2.7, FortiManager 7.0.0 a 7.0.12, FortiManager 6.4.0 a 6.4.14, FortiManager 6.2.0 a 6.2.12, Fortinet FortiManager Cloud 7.4.1 a 7.4.4, FortiManager Cloud 7.2.1 a 7.2.7, FortiManager Cloud 7.0.1 a 7.0.13, FortiManager Cloud 6.4.1 a 6.4.7 permite a un atacante ejecutar c\u00f3digo o comandos arbitrarios a trav\u00e9s de solicitudes especialmente manipuladas."}], "lastModified": "2025-10-24T12:54:32.207", "cisaActionDue": "2024-11-13", "cisaExploitAdd": "2024-10-23", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7E60883-7F64-4C22-99F9-802A7623DAE0", "versionEndExcluding": "6.2.13", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2AD66B0-9C99-4F83-80AA-B54E6354ADFD", "versionEndExcluding": "6.4.15", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37456E27-0EE2-4AF8-B92F-A5284FEC0409", "versionEndExcluding": "7.0.13", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01E63E1E-4084-4C73-862F-A4CC07914C23", "versionEndExcluding": "7.2.8", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0666260A-1327-4C43-A841-04FB4459449C", "versionEndExcluding": "7.4.5", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0141F06A-F5FE-4DF3-B60E-DD76A1AD8A56"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BB52FA5-7811-4123-8989-59369583F82F", "versionEndIncluding": "6.4.7", "versionStartIncluding": "6.4.1"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29B3A5F2-3121-4902-BBB6-8B4D07767F77", "versionEndExcluding": "7.0.13", "versionStartIncluding": "7.0.1"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3A26BF0-DF69-42F6-B9D8-D3BEE3DD352C", "versionEndExcluding": "7.2.8", "versionStartIncluding": "7.2.1"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E0BCF26-B311-4FFF-866B-3DCA14A26268", "versionEndExcluding": "7.4.5", "versionStartIncluding": "7.4.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Fortinet FortiManager Missing Authentication Vulnerability"}