Weak Authentication Vulnerability in Fortinet FortiManager and FortiAnalyzer Cloud
CVE-2024-50563

6.7MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortianalyzer; Fortimanager
Vendor: CVE Published:; 16 January 2025

Summary

A vulnerability exists in Fortinet's FortiManager and FortiAnalyzer Cloud due to weak authentication mechanisms. This flaw allows attackers to execute unauthorized commands or code by exploiting brute-force techniques to gain access to the affected products. Administrators are urged to implement more robust authentication measures to mitigate risks associated with unauthorized access.

Affected Version(s)

FortiAnalyzer 7.6.0 <= 7.6.1

FortiAnalyzer 7.4.1 <= 7.4.3

FortiManager 7.6.0 <= 7.6.1

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-221

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Oct 24, 2024