FortiManager fgfmd remote command execution

Added: 11/15/2024 Background FortiManager is an integrated platform for the centralized management of products in a Fortinet security infrastructure. Problem Missing authentication in the fgfmd service could allow a remote attacker to execute arbitrary commands. Resolution Upgrade to FortiManager...

FortiManager fgfmd remote command execution

Added: 11/15/2024 Background FortiManager is an integrated platform for the centralized management of products in a Fortinet security infrastructure. Problem Missing authentication in the fgfmd service could allow a remote attacker to execute arbitrary commands. Resolution Upgrade to FortiManager...

Palo Alto Expedition 1.2.x < 1.2.92 (CVE-2024-5910)

The version of Palo Alto Expedition installed on the remote host is prior to 1.2.92. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5910 advisory. - Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account...

CVE-2024-26011

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0....

CVE-2024-26011

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0....

CVE-2024-26011

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0....

CVE-2024-26011

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0....

CVE-2024-8074

Missing Authentication for Critical Function, Missing Authorization vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users. This issue affects Nomysem: before 13.10.2024...

PT-2024-8521 · Fortinet · Fortimanager +5

Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 6.4.0 through 6.4.14 Fortinet FortiManager versions 7.0.0 through 7.0.11 Fortinet FortiManager versions 7.2.0 through 7.2.4 Fortinet FortiManager versions 7.4.0 through 7.4.2 Fortinet FortiPAM version 1.0.0...

CVE-2024-45764

Dell Enterprise SONiC OS, versions 4.1.x, 4.2.x, contains a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell...

CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-5910 CVS...

VulnCheck KEV: CVE-2024-5910

Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data...

CVE-2024-7763 WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability

In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials...

CVE-2024-47575

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4,...

CVE-2024-47575

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4,...

CVE-2024-47575

CVE-2024-47575 is a critical unauthenticated remote code execution vulnerability in Fortinet FortiManager (including FortiManager Cloud) impacting multiple versions (from 6.2/6.4/7.x lines) via the fgfmsd/fgfmd daemon. The flaw stems from missing authentication for a critical function, allowing a...

CVE-2024-47575

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4,...

VulnCheck KEV: CVE-2024-47575

Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests...

Siemens InterMesh Subscriber Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Fortinet FortiManager Missing Authentication (FG-IR-24-423)

The remote host is running a version of FortiManager that is prior to either 6.2.13, 6.4.15, 7.0.13, 7.2.8, 7.4.5 or 7.6.1. It is, therefore, affected by a missing authentication vulnerability in FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or...