CVE-2024-50563

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-50563

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

A

weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.

References
Link Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-221 Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*
History

24 Sep 2025, 15:25

Type Values Removed Values Added
CPE cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

03 Feb 2025, 21:54

Type Values Removed Values Added
First Time Fortinet fortimanager
Fortinet fortianalyzer Cloud
Fortinet
Fortinet fortiproxy
Fortinet fortianalyzer
Fortinet fortios
Fortinet fortimanager Cloud
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-221 - () https://fortiguard.fortinet.com/psirt/FG-IR-24-221 - Mitigation, Vendor Advisory
Summary
  • (es) Una autenticación débil en Fortinet FortiManager Cloud, FortiAnalyzer versiones 7.6.0 a 7.6.1, 7.4.1 a 7.4.3, FortiAnalyzer Cloud versiones 7.4.1 a 7.4.3, FortiManager versiones 7.6.0 a 7.6.1, 7.4.1 a 7.4.3, FortiManager Cloud versiones 7.4.1 a 7.4.3 permite a un atacante ejecutar código o comandos no autorizados a través de un ataque de fuerza bruta.
CPE cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other

16 Jan 2025, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-16 10:15

Updated : 2025-09-24 15:25

NVD link : CVE-2024-50563

Mitre link : CVE-2024-50563

CVE.ORG link : CVE-2024-50563

JSON object : View

Products Affected

fortinet

CWE
CWE-1390

Weak Authentication

NVD-CWE-Other