CVE-2024-47575

Published: 23 Oct 2024 15:03:48
Reported by: fortinet
Type: cve
Source: web.nvd.nist.gov
7 media mentions, 447 views

A missing authentication in FortiManager allows an attacker to execute arbitrary code or commands.

NVD affected configurations (nodes combined with OR)

| Vendor | Product | Range start | Range end |
|---|---|---|---|
| fortinet | fortimanager | 6.2.0 | 6.2.13 |
| fortinet | fortimanager | 6.4.0 | 6.4.15 |
| fortinet | fortimanager | 7.0.0 | 7.0.13 |
| fortinet | fortimanager | 7.2.0 | 7.2.8 |
| fortinet | fortimanager | 7.4.0 | 7.4.5 |
| fortinet | fortimanager_cloud | 6.4.1 | 6.4.7 |
| fortinet | fortimanager_cloud | 7.0.1 | 7.0.13 |
| fortinet | fortimanager_cloud | 7.2.1 | 7.2.8 |
| fortinet | fortimanager_cloud | 7.4.1 | 7.4.5 |

[
  {
    "vendor": "Fortinet",
    "product": "FortiManager",
    "cpes": [
      "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
      "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "7.6.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.4.0",
        "lessThanOrEqual": "7.4.4",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.7",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.12",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.14",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.2.0",
        "lessThanOrEqual": "6.2.12",
        "status": "affected"
      }
    ]
  }
]

| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| serialno | request body | get auth | FGFM authentication step; missing authentication enables exploitation | CWE-306 |
| platform | request body | get auth | FGFM authentication step; missing authentication enables exploitation | CWE-306 |
| hostname | request body | get auth | FGFM authentication step; missing authentication enables exploitation | CWE-306 |
| tcp_port | request body | get connect_tcp | FGFM channel creation step used for RCE when authentication is bypassed | CWE-306 |
| chan_window_sz | request body | get connect_tcp | FGFM channel creation step used for RCE when authentication is bypassed | CWE-306 |
| terminal | request body | get connect_tcp | FGFM channel creation step used for RCE when authentication is bypassed | CWE-306 |
| cmd | request body | get connect_tcp | FGFM channel creation step used for RCE when authentication is bypassed | CWE-306 |
| localid | request body | get connect_tcp | FGFM channel creation step used for RCE when authentication is bypassed | CWE-306 |
| remoteid | request body | channel | FGFM channel payload delivery used to trigger code execution | CWE-306 |
| payload_length | request body | channel | FGFM channel payload delivery used to trigger code execution | CWE-306 |

Scores (current as of 17 Jun 2026 07:57)
Risk: 10 (High risk)
Vulners AI Score: 10
CVSS 3.1: 9.8
EPSS: 0.94761