Non-endpoint Vulnerability in Fortinet FortiOS and FortiProxy
CVE-2024-50568

5.6 MEDIUM

Key Information:

Vendor: Fortinet
CVE Published: 10 June 2025

What is CVE-2024-50568?

A vulnerability in Fortinet's FortiOS and FortiProxy allows an unauthenticated attacker to spoof the identity of a downstream device within the Security Fabric by sending crafted TCP requests that target specific device data. Multiple versions of the affected products are vulnerable, so users should make sure their installations are updated to mitigate the risk.

Affected Version(s)

FortiOS 7.4.0 <= 7.4.3

FortiOS 7.2.0 <= 7.2.7

FortiOS 7.0.0 <= 7.0.14

References

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
