Cyber Posture

CVE-2024-50563

High

Published: 16 January 2025
Modified: 24 September 2025
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0029 (52.3rd percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Description

A weak authentication vulnerability in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1 and 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1 and 7.4.1 through 7.4.3, and FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to execute unauthorized code or commands via a brute-force attack.

Security Summary

CVE-2024-50563 is a weak authentication vulnerability affecting multiple Fortinet products, including FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1 and 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1 and 7.4.1 through 7.4.3, and FortiManager Cloud versions 7.4.1 through 7.4.3. The flaw, associated with CWE-1390 and NVD-CWE-Other, enables attackers to execute unauthorized code or commands through a brute-force attack. It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites.

An unauthenticated remote attacker can exploit this vulnerability by performing a brute-force attack against the weak authentication mechanism. Successful exploitation grants the ability to execute arbitrary code or commands on the affected systems, potentially leading to limited confidentiality, integrity, and availability impacts as per the CVSS vector.

For mitigation details, refer to the Fortinet product security incident response team advisory at https://fortiguard.fortinet.com/psirt/FG-IR-24-221.

Details

CWE(s): CWE-1390, NVD-CWE-Other

Affected Products

Vendor: fortinet
  fortianalyzer: 7.4.1 — 7.4.4 · 7.6.0 — 7.6.2
  fortianalyzer cloud: 7.4.1 — 7.4.4
  fortimanager: 7.4.1 — 7.4.4 · 7.6.0 — 7.6.2
  fortimanager cloud: 7.4.1 — 7.4.4