Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-50563

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.

Published

2025-01-16T10:15:09.480

Last Modified

2025-02-03T21:54:17.977

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

Weaknesses

Type: Secondary
CWE-1390
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortianalyzer	< 7.4.4	Yes
Application	fortinet	fortianalyzer	< 7.6.2	Yes
Application	fortinet	fortianalyzer_cloud	< 7.4.4	Yes
Application	fortinet	fortimanager	< 7.4.4	Yes
Application	fortinet	fortimanager	< 7.6.2	Yes
Application	fortinet	fortimanager_cloud	< 7.4.4	Yes
Application	fortinet	fortiproxy	< 2.0.15	Yes
Application	fortinet	fortiproxy	< 7.0.18	Yes
Application	fortinet	fortiproxy	< 7.2.11	Yes
Application	fortinet	fortiproxy	< 7.4.5	Yes
Operating System	fortinet	fortios	< 7.0.16	Yes
Operating System	fortinet	fortios	< 7.2.9	Yes
Operating System	fortinet	fortios	< 7.4.5	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-221 Mitigation, Vendor Advisory ([email protected])