PT-2025-1187 · Fortinet · FortiManager +4

Published: 2025-01-14 · Updated: 2025-02-03 · CVE-2024-48886

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Fortinet FortiOS 6.4.0 through 6.4.15
Fortinet FortiOS 7.0.0 through 7.0.15
Fortinet FortiOS 7.2.0 through 7.2.8
Fortinet FortiOS 7.4.0 through 7.4.4
FortiProxy 2.0.0 through 2.0.14
FortiProxy 7.0.0 through 7.0.17
FortiProxy 7.2.0 through 7.2.10
FortiProxy 7.4.0 through 7.4.4
FortiManager 7.4.1 through 7.4.3
FortiManager 7.6.0 through 7.6.1
FortiManager Cloud 7.4.1 through 7.4.3
FortiAnalyzer Cloud 7.4.1 through 7.4.3

Description

The issue stems from weak authentication in the affected Fortinet products, which an attacker can exploit via a brute-force attack to execute unauthorized code or commands. A remote, unauthenticated attacker can thereby bypass authentication and perform actions that would normally require authorization.

Recommendations

Update each affected product to a version outside its affected range:

Fortinet FortiOS 6.4.0 through 6.4.15: update to a version outside this range.
Fortinet FortiOS 7.0.0 through 7.0.15: update to a version outside this range.
Fortinet FortiOS 7.2.0 through 7.2.8: update to a version outside this range.
Fortinet FortiOS 7.4.0 through 7.4.4: update to a version outside this range.
FortiProxy 2.0.0 through 2.0.14: update to a version outside this range.
FortiProxy 7.0.0 through 7.0.17: update to a version outside this range.
FortiProxy 7.2.0 through 7.2.10: update to a version outside this range.
FortiProxy 7.4.0 through 7.4.4: update to a version outside this range.
FortiManager 7.4.1 through 7.4.3: update to a version outside this range.
FortiManager 7.6.0 through 7.6.1: update to a version outside this range.
FortiManager Cloud 7.4.1 through 7.4.3: update to a version outside this range.
FortiAnalyzer Cloud 7.4.1 through 7.4.3: update to a version outside this range.

Related Identifiers

BDU:2025-00470
CVE-2024-48886

Affected Products

FortiAnalyzer Cloud
FortiManager
FortiManager Cloud
FortiOS
FortiProxy