CVE-2024-48886
published 2025-01-14CVE-2024-48886: A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | >= 7.4.1 < 7.4.4 | 7.4.4 |
| fortinet | fortianalyzer | >= 7.6.0 < 7.6.2 | 7.6.2 |
| fortinet | fortianalyzer_cloud | >= 7.4.1 < 7.4.4 | 7.4.4 |
| fortinet | fortianalyzercloud | — | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | >= 7.4.1 < 7.4.4 | 7.4.4 |
| fortinet | fortimanager | >= 7.6.0 < 7.6.2 | 7.6.2 |
| fortinet | fortimanager_cloud | >= 7.4.1 < 7.4.4 | 7.4.4 |
| fortinet | fortimanagercloud | — | — |
| fortinet | fortinet | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | >= 6.4.0 < 7.0.16 | 7.0.16 |
| fortinet | fortios | 6.4.0 – 6.4.15 | — |
| fortinet | fortios | 7.0.0 – 7.0.15 | — |
| fortinet | fortios | >= 7.2.0 < 7.2.9 | 7.2.9 |
| fortinet | fortios | 7.2.0 – 7.2.8 | — |
| fortinet | fortios | >= 7.4.0 < 7.4.5 | 7.4.5 |
| fortinet | fortios | 7.4.0 – 7.4.4 | — |
| fortinet | fortiproxy | — | — |
| fortinet | fortiproxy | >= 2.0.0 < 2.0.15 | 2.0.15 |
| fortinet | fortiproxy | 2.0.0 – 2.0.14 | — |
| fortinet | fortiproxy | >= 7.0.0 < 7.0.18 | 7.0.18 |
| fortinet | fortiproxy | 7.0.0 – 7.0.17 | — |
| fortinet | fortiproxy | >= 7.2.0 < 7.2.11 | 7.2.11 |