CVE-2024-35277

Severity
7.5 HIGH
EPSS
0.3%
top 50.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 14

Description

A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to access the configuration of the managed devices by sending specifically crafted packets.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 4.0

Affected Packages
3 packages

NVD | fortinet/fortimanager | 6.4.0 | 6.4.15 | +3
NVD | fortinet/fortimanager_cloud | 7.0.1 | 7.0.13 | +2
CVEListV5 | fortinet/fortimanager | 7.4.0 | 7.4.2 | +3

🔴Vulnerability Details

2
GHSA
GHSA-x6vp-5v5h-8v6q: A missing authentication for critical function in Fortinet FortiPortal version 6 | 2025-01-14
CVEList
CVE-2024-35277: A missing authentication for critical function in Fortinet FortiPortal version 6 | 2025-01-14

📋Vendor Advisories

1
Fortinet
Missing authentication for managed device configuration files | 2025-01-14