CVE-2024-47575 - Vulnerability Details

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Oct. 23, 2024.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Fortinet	Fortimanager Fortimanager Cloud

Configuration 1 [-]

OR	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager::::::::
	cpe:2.3:a:fortinet:fortimanager:7.6.0:::::::*
	cpe:2.3:a:fortinet:fortimanager_cloud::::::::
	cpe:2.3:a:fortinet:fortimanager_cloud::::::::
	cpe:2.3:a:fortinet:fortimanager_cloud::::::::
	cpe:2.3:a:fortinet:fortimanager_cloud::::::::

No data.

References

Link	Providers
https://fortiguard.fortinet.com/psirt/FG-IR-24-423
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575

History

Tue, 21 Oct 2025 23:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575

Thu, 07 Nov 2024 08:00:00 +0000

Type	Values Removed	Values Added
Description	A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.	A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.

Thu, 24 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 24 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fortinet fortimanager Cloud
CPEs		cpe:2.3:a:fortinet:fortimanager:::::::: cpe:2.3:a:fortinet:fortimanager:7.6.0:::::::* cpe:2.3:a:fortinet:fortimanager_cloud::::::::
Vendors & Products		Fortinet fortimanager Cloud

Wed, 23 Oct 2024 23:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2024-10-23'}`

Wed, 23 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 23 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Description		A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
First Time appeared		Fortinet Fortinet fortimanager
Weaknesses		CWE-306
CPEs		cpe:2.3:o:fortinet:fortimanager:6.2.0:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.10:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.11:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.12:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.1:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.2:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.3:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.4:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.5:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.6:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.7:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.8:::::::* cpe:2.3:o:fortinet:fortimanager:6.2.9:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.0:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.10:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.11:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.12:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.13:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.14:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.1:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.2:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.3:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.4:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.5:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.6:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.7:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.8:::::::* cpe:2.3:o:fortinet:fortimanager:6.4.9:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.10:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.11:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.12:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.5:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.6:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.7:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.8:::::::* cpe:2.3:o:fortinet:fortimanager:7.0.9:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.5:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.6:::::::* cpe:2.3:o:fortinet:fortimanager:7.2.7:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.0:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.1:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.2:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.3:::::::* cpe:2.3:o:fortinet:fortimanager:7.4.4:::::::* cpe:2.3:o:fortinet:fortimanager:7.6.0:::::::*
Vendors & Products		Fortinet Fortinet fortimanager
References		https://fortiguard.fortinet.com/psirt/FG-IR-24-423
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C'}`

MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2024-10-23T15:03:48.798Z

Updated: 2025-10-21T22:55:42.072Z

Reserved: 2024-09-27T16:19:24.137Z

Link: CVE-2024-47575

Vulnrichment

Updated: 2024-10-23T15:41:04.387Z

NVD

Status : Analyzed

Published: 2024-10-23T15:15:30.707

Modified: 2025-10-24T12:54:32.207

Link: CVE-2024-47575

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object