CVE-2024-50563

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-50563
A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-221 Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*
History

24 Sep 2025, 15:25

Type Values Removed Values Added
CPE cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

03 Feb 2025, 21:54

Type Values Removed Values Added
Summary
  • (es) Una autenticación débil en Fortinet FortiManager Cloud, FortiAnalyzer versiones 7.6.0 a 7.6.1, 7.4.1 a 7.4.3, FortiAnalyzer Cloud versiones 7.4.1 a 7.4.3, FortiManager versiones 7.6.0 a 7.6.1, 7.4.1 a 7.4.3, FortiManager Cloud versiones 7.4.1 a 7.4.3 permite a un atacante ejecutar código o comandos no autorizados a través de un ataque de fuerza bruta.
CPE cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-221 - () https://fortiguard.fortinet.com/psirt/FG-IR-24-221 - Mitigation, Vendor Advisory
First Time Fortinet fortiproxy
Fortinet fortianalyzer Cloud
Fortinet fortios
Fortinet fortimanager Cloud
Fortinet fortianalyzer
Fortinet
Fortinet fortimanager

16 Jan 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-16 10:15

Updated : 2025-09-24 15:25

NVD link : CVE-2024-50563

Mitre link : CVE-2024-50563

CVE.ORG link : CVE-2024-50563

JSON object : View

Products Affected

fortinet

  • fortianalyzer
  • fortimanager_cloud
  • fortianalyzer_cloud
  • fortimanager
CWE
CWE-1390

Weak Authentication

NVD-CWE-Other