CVE-2024-21757

MEDIUM

Fortinet FortiManager/FortiAnalyzer 7.0.0-7.0.10, 7.2.0-7.2.4, 7.4.0-7.4.1 - Unverified Password Change (CWE-620)


Description

An unverified password change (CWE-620) in Fortinet FortiManager versions 7.0.0 through 7.0.10, 7.2.0 through 7.2.4, and 7.4.0 through 7.4.1, and in Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, 7.2.0 through 7.2.4, and 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup. The CVSS vector (AV:L, PR:L, I:H) reflects that the attacker already holds a low-privileged account on the appliance and that the impact is primarily on integrity: admin passwords carried in a restored configuration backup are applied without the existing password being verified. This is an integrity flaw, not an information disclosure.
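The following is an added illustration of the CWE-620 pattern the description names, written for this page; it is not FortiManager/FortiAnalyzer code and makes no claim about how the real product stores or restores admin credentials. The model is hypothetical: admin accounts live in a JSON backup under an "admins" key, each with a "profile" and a salted PBKDF2 "password" hash, and a restore applies that backup. The vulnerable restore applies the backup wholesale; the hardened restore re-verifies the acting admin's current password and only lets a super_user change other accounts' credentials or profiles.

```python
"""Model of CWE-620 (Unverified Password Change) in a config-restore path.

Constructed illustration only (not vendor code). Hypothetical data model:
backup = {"admins": {name: {"profile": ..., "password": "<salt>$<pbkdf2>"}}}.
"""
import hashlib
import hmac
import json
import os

PBKDF2_ROUNDS = 100_000


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns 'salthex$digesthex'."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Constant-time comparison of a candidate password against a stored hash."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)


class AdminStore:
    """Two constructed accounts: a super_user and a low-privileged read_only admin."""

    def __init__(self):
        self.admins = {
            "admin":   {"profile": "super_user", "password": hash_password("Sup3r-Secret")},
            "auditor": {"profile": "read_only",  "password": hash_password("ReadOnly-1")},
        }

    def restore_vulnerable(self, actor, backup_json):
        # CWE-620 pattern: the backup is applied wholesale. Nobody re-authenticates and
        # nothing checks whether `actor` may change other accounts' credentials, so a
        # low-privileged admin who edits a hash in the backup resets any admin password.
        self.admins.update(json.loads(backup_json)["admins"])

    def restore_hardened(self, actor, actor_password, backup_json):
        # 1. Re-verify the acting admin's current password before any credential change.
        if not verify_password(actor_password, self.admins[actor]["password"]):
            raise PermissionError("re-authentication failed")
        incoming = json.loads(backup_json)["admins"]
        actor_is_super = self.admins[actor]["profile"] == "super_user"
        for name, record in incoming.items():
            current = self.admins.get(name)
            credential_change = current is None or record["password"] != current["password"]
            profile_change = current is None or record["profile"] != current["profile"]
            # 2. Only a super_user may create accounts, set other accounts' passwords,
            #    or change any profile. A non-super actor may only rotate its own password.
            if ((credential_change and name != actor) or profile_change) and not actor_is_super:
                raise PermissionError(f"{actor} is not allowed to change account {name}")
        self.admins.update(incoming)
        return sorted(incoming)


def restore_blocked(store, actor, actor_password, backup_json):
    """True if the hardened restore refuses the change (helper for the demo)."""
    try:
        store.restore_hardened(actor, actor_password, backup_json)
        return False
    except PermissionError:
        return True


def run_demo():
    """Low-privileged 'auditor' edits a backup to replace the super_user's hash."""
    backup = json.dumps({"admins": {
        "admin": {"profile": "super_user", "password": hash_password("pwned")}}})

    vuln = AdminStore()
    vuln.restore_vulnerable("auditor", backup)          # no checks: admin's hash replaced

    hard = AdminStore()
    lowpriv_blocked = restore_blocked(hard, "auditor", "ReadOnly-1", backup)
    wrong_reauth_blocked = restore_blocked(hard, "admin", "wrong-password", backup)

    legit = AdminStore()                                 # super_user rotating its own password
    legit.restore_hardened("admin", "Sup3r-Secret", backup)

    return {
        "vulnerable_admin_pw_hijacked": verify_password("pwned", vuln.admins["admin"]["password"]),
        "hardened_blocked_lowpriv": lowpriv_blocked,
        "hardened_rejects_wrong_reauth": wrong_reauth_blocked,
        "hardened_admin_pw_intact": verify_password("Sup3r-Secret", hard.admins["admin"]["password"]),
        "hardened_super_user_restore_ok": verify_password("pwned", legit.admins["admin"]["password"]),
    }


if __name__ == "__main__":
    for check, outcome in run_demo().items():
        print(f"{check}: {outcome}")
```

The fix is two-part because re-authentication alone does not help here: the low-privileged attacker knows its own password. The authorization check on which accounts' credentials a restore may touch is what actually closes the path the description outlines.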

Scores

CVSS v3 6.1
EPSS 0.0014
EPSS Percentile 33.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-620
Status published
Products (2)
fortinet/fortianalyzer 7.0.0 - 7.0.10, 7.2.0 - 7.2.4, 7.4.0 - 7.4.1
fortinet/fortimanager 7.0.0 - 7.0.10, 7.2.0 - 7.2.4, 7.4.0 - 7.4.1
Published Aug 13, 2024
Tracked Since Feb 18, 2026