CVE-2024-47575

CRITICAL KEV NUCLEI

Fortinet FortiManager <7.6.0 - RCE

Title source: llm

Description

A missing authentication for critical function vulnerability in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows an attacker to execute arbitrary code or commands via specially crafted requests.

Exploits (12)

nomisec WORKING POC 96 stars
by watchtowrlabs · remote
https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575
nomisec WORKING POC 1 star
by SkyGodling · remote
https://github.com/SkyGodling/exploit-cve-2024-47575
nomisec WORKING POC
by AnnnNix · poc
https://github.com/AnnnNix/CVE-2024-47575
nomisec WORKING POC
by revanslbw · remote
https://github.com/revanslbw/CVE-2024-47575-POC
metasploit WORKING POC EXCELLENT
by sfewer-r7 · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/fortimanager_rce_cve_2024_47575.rb

Nuclei Templates (1)

FortiManager Unauthenticated Remote Code Execution
CRITICAL by 0x_Akoko, pussycat0x, watchTowr

Scores

CVSS v3 9.8
EPSS 0.9387
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-10-23
VulnCheck KEV 2024-10-23
InTheWild.io 2024-10-23
ENISA EUVD EUVD-2024-42531
CWE
CWE-306
Status published
Products (3)
fortinet/fortimanager 7.6.0
fortinet/fortimanager 6.2.0 - 6.2.13
fortinet/fortimanager_cloud 6.4.1 - 6.4.7
Published Oct 23, 2024
KEV Added Oct 23, 2024
Tracked Since Feb 18, 2026