Fortinet FortiManager Missing Authentication Vulnerability

Added Oct. 23, 2024 • Due Nov. 13, 2024 • CVE-2024-47575

Overdue Fortinet / FortiManager CWE-306

Description

Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-423
https://nvd.nist.gov/vuln/detail/CVE-2024-47575

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 8 months ago