CVE-2024-50565

CWE-300 | CWE-923 | 4 documents | 4 sources
Severity
7.5 HIGH
EPSS
0.1%
top 66.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 8

Description

An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 1.6 | Impact: 1.4

Affected Packages (10 packages)

NVD | fortinet/fortimanager | 6.2.0 | 6.2.14 | +4
NVD | fortinet/fortios | 6.4.0 | 7.0.16 | +2
NVD | fortinet/fortiweb | 7.4.0 | 7.4.3
NVD | fortinet/fortiproxy | 2.0.0 | 7.0.16 | +2
NVD | fortinet/fortivoice | 6.0.0 | 6.4.9 | +1

🔴 Vulnerability Details

2
GHSA
GHSA-j94p-gv3v-cg5q: An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7 | 2025-04-08
CVEList
CVE-2024-50565: An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7 | 2025-04-08

📋 Vendor Advisories

1
Fortinet
No certificate name verification for fgfm connection | 2025-04-08
CVE-2024-50565 (HIGH CVSS 7.5) | An improper restriction of communica | cvebase.io