CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2024-48886

CVSS 9.0v3.1pub. 2025-01-14upd. 2025-02-03

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Fortinet Fortianalyzer

    APP
    Fortinet
    7.4.1 – 7.4.4 (bez)7.6.0 – 7.6.2 (bez)
  • Fortinet Fortianalyzer Cloud

    APP
    Fortinet
    7.4.1 – 7.4.4 (bez)
  • Fortinet Fortimanager

    APP
    Fortinet
    7.4.1 – 7.4.4 (bez)7.6.0 – 7.6.2 (bez)
  • Fortinet Fortimanager Cloud

    APP
    Fortinet
    7.4.1 – 7.4.4 (bez)
  • Fortinet FortiOS

    OS
    Fortinet
    7.4.0 – 7.4.5 (bez)6.4.0 – 7.0.16 (bez)7.2.0 – 7.2.9 (bez)
  • Fortinet Fortiproxy

    APP
    Fortinet
    7.4.0 – 7.4.5 (bez)2.0.0 – 2.0.15 (bez)7.0.0 – 7.0.18 (bez)7.2.0 – 7.2.11 (bez)
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Firewall
CWE
References

Related vulnerabilities

CVE-2026-24858CRITICAL9.8⚠ KEVPL βœ“ten sam produkt

Fortinet – Auth Bypass przez FortiCloud SSO w wielu produktach

CVE-2025-59718CRITICAL9.8⚠ KEVPL βœ“ten sam produkt

Fortinet FortiOS/FortiProxy/FortiSwitchManager β€” Auth Bypass przez SAML

CVE-2024-55591CRITICAL9.8⚠ KEVPL βœ“ten sam produkt

Authentication Bypass w FortiOS i FortiProxy β€” przejΔ™cie uprawnieΕ„ super-admin

CVE-2024-47575CRITICAL9.8⚠ KEVPL βœ“ten sam produkt

Brak uwierzytelnienia krytycznej funkcji w Fortinet FortiManager β€” RCE

CVE-2024-23113CRITICAL9.8⚠ KEVPL βœ“ten sam produkt

Krytyczna podatnoΕ›Δ‡ format string RCE w Fortinet FortiOS, FortiProxy i FortiSwitchManager

CVE-2024-48886 β€” Fortinet β€” Fortianalyzer β€” CRITICAL β€” CVSS 9.0 | CVEbaza.pl