Refine your search
3 vulnerabilities found for fortimanager_cloud by fortinet
CVE-2024-48889 (GCVE-0-2024-48889)
Vulnerability from nvd
Published
2024-12-18 12:44
Modified
2025-08-27 21:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Execute unauthorized code or commands
Summary
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiManager |
Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 Version: 7.2.3 ≤ 7.2.7 Version: 7.0.5 ≤ 7.0.12 Version: 6.4.10 ≤ 6.4.14 cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-48889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T04:55:50.284489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:26:21.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.12",
"status": "affected",
"version": "7.0.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.14",
"status": "affected",
"version": "6.4.10",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T12:44:38.675Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-425",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-425"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiManager version 7.6.1 or above \nPlease upgrade to FortiManager version 7.4.5 or above \nPlease upgrade to FortiManager version 7.2.8 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.5 or above \nPlease upgrade to FortiManager Cloud version 7.2.8 or above \nPlease upgrade to FortiManager Cloud version 7.0.13 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-48889",
"datePublished": "2024-12-18T12:44:38.675Z",
"dateReserved": "2024-10-09T09:03:09.962Z",
"dateUpdated": "2025-08-27T21:26:21.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47575 (GCVE-0-2024-47575)
Vulnerability from nvd
Published
2024-10-23 15:03
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Execute unauthorized code or commands
Summary
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiManager |
Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.7 Version: 7.0.0 ≤ 7.0.12 Version: 6.4.0 ≤ 6.4.14 Version: 6.2.0 ≤ 6.2.12 cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47575",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T18:32:16.885929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-10-23",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:42.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-23T00:00:00+00:00",
"value": "CVE-2024-47575 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.12",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.14",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.12",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T07:41:45.283Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.5 or above \nPlease upgrade to FortiManager Cloud version 7.2.8 or above \nPlease upgrade to FortiManager Cloud version 7.0.13 or above \nPlease upgrade to FortiManager version 7.6.1 or above \nPlease upgrade to FortiManager version 7.4.5 or above \nPlease upgrade to FortiManager version 7.2.8 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiManager version 6.2.13 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-47575",
"datePublished": "2024-10-23T15:03:48.798Z",
"dateReserved": "2024-09-27T16:19:24.137Z",
"dateUpdated": "2025-10-21T22:55:42.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47575 (GCVE-0-2024-47575)
Vulnerability from cvelistv5
Published
2024-10-23 15:03
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Execute unauthorized code or commands
Summary
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet | FortiManager |
Version: 7.6.0 Version: 7.4.0 ≤ 7.4.4 Version: 7.2.0 ≤ 7.2.7 Version: 7.0.0 ≤ 7.0.12 Version: 6.4.0 ≤ 6.4.14 Version: 6.2.0 ≤ 6.2.12 cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47575",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T18:32:16.885929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-10-23",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:42.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-23T00:00:00+00:00",
"value": "CVE-2024-47575 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.4",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.7",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.12",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.14",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.12",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T07:41:45.283Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.5 or above \nPlease upgrade to FortiManager Cloud version 7.2.8 or above \nPlease upgrade to FortiManager Cloud version 7.0.13 or above \nPlease upgrade to FortiManager version 7.6.1 or above \nPlease upgrade to FortiManager version 7.4.5 or above \nPlease upgrade to FortiManager version 7.2.8 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiManager version 6.2.13 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-47575",
"datePublished": "2024-10-23T15:03:48.798Z",
"dateReserved": "2024-09-27T16:19:24.137Z",
"dateUpdated": "2025-10-21T22:55:42.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}