CVE-2024-50563

CWE-13904 documents4 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 50.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortianalyzer Fortinet Fortianalyzer Cloud Fortinet Fortimanager +1 more

Timeline

PublishedJan 16

Description

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages6 packages

▶NVDfortinet/fortimanager_cloud7.4.1 — 7.4.4

▶NVDfortinet/fortianalyzer_cloud7.4.1 — 7.4.4

▶NVDfortinet/fortimanager7.4.1 — 7.4.4+1

▶CVEListV5fortinet/fortimanager7.6.0 — 7.6.1+1

▶NVDfortinet/fortianalyzer7.4.1 — 7.4.4+1

🔴Vulnerability Details

GHSA

GHSA-w3ph-4wxh-3hvv: A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7↗2025-01-16

▶

CVEList

CVE-2024-50563: A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7↗2025-01-16

▶

📋Vendor Advisories

Fortinet

Weak Authentication in csfd daemon↗2025-01-14

▶