CVE-2024-48886

CRITICAL

Fortinet FortiOS <7.4.15 - RCE

Description

A weak authentication vulnerability in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, and FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows an attacker to execute unauthorized code or commands via a brute-force attack.

Scores

CVSS v3 9.0
EPSS 0.0050
EPSS Percentile 66.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE CWE-1390
Status published
Products (6)
fortinet/fortianalyzer 7.4.1 - 7.4.4
fortinet/fortianalyzer_cloud 7.4.1 - 7.4.4
fortinet/fortimanager 7.4.1 - 7.4.4
fortinet/fortimanager_cloud 7.4.1 - 7.4.4
fortinet/fortios 6.4.0 - 7.0.16
fortinet/fortiproxy 2.0.0 - 2.0.15
Published Jan 14, 2025
Tracked Since Feb 18, 2026