CVE-2024-47575
CISA KEV
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows an attacker to execute arbitrary code or commands via specially crafted requests.
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-306
Threats tracking this CVE
References
- https://fortiguard.fortinet.com/psirt/FG-IR-24-423
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575