CVE-2024-48884

CVE-2024-48884 affects Fortinet products including FortiManager (7.6.0–7.6.1, 7.4.1–7.4.3, FortiManager Cloud 7.4.1–7.4.3), FortiOS (7.6.0, 7.4.0–7.4.4, 7.2.0–7.2.9, 7.0.0–7.0.15, 6.4.0–6.4.15), FortiProxy (7.4.0–7.4.5, 7.2.0–7.2.11, 7.0.0–7.0.18, 2.0 all versions, 1.2 all versions, 1.1 all versi...

The vulnerability of the FortiManager system’s operating system, FortiOS, allows a perpetrator to carry out a “man-in-the-middle” attack, gain access to protected information, and redirect network traffic.

The vulnerability of the FortiManager operating system’s FortiOS component lies in the possibility of using weak encryption algorithms. Exploiting this vulnerability allows a malicious actor, operating remotely, to carry out a “man-in-the-middle” attack, gain access to protected information, and...