CVE-2024-48886 — Weak Authentication in Fortinet Fortianalyzer

CWE-1390 — Weak Authentication CWE-755 — Improper Handling of Exceptional Conditions5 documents5 sources

Severity

9.8CRITICALNVD

CNA9.0

EPSS

0.5%

top 34.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortianalyzer Cloud Fortinet Fortimanager +3 more

Timeline

PublishedJan 14

Description

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

▶NVDfortinet/fortimanager_cloud7.4.1 — 7.4.4

▶NVDfortinet/fortianalyzer_cloud7.4.1 — 7.4.4

▶NVDfortinet/fortimanager7.4.1 — 7.4.4+1

▶NVDfortinet/fortios6.4.0 — 7.0.16+2

▶NVDfortinet/fortiproxy2.0.0 — 2.0.15+3

🔴Vulnerability Details

CVEList

CVE-2024-48886: A weak authentication in Fortinet FortiOS versions 7↗2025-01-14

▶

GHSA

GHSA-2mpq-2g57-j8ww: A weak authentication in Fortinet FortiOS versions 7↗2025-01-14

▶

📋Vendor Advisories

Fortinet

Weak Authentication in csfd daemon↗2025-01-14

▶

Juniper

CVE-2024-39547: An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an↗2024-10-11

▶