PT-2025-1188 · Fortinet · Fortianalyzer+4

Published

2025-01-14

·

Updated

2025-09-24

·

CVE-2024-50563

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

FortiAnalyzer versions 7.4.1 through 7.4.3
FortiAnalyzer versions 7.6.0 through 7.6.1
FortiAnalyzer Cloud versions 7.4.1 through 7.4.3
FortiManager versions 7.4.1 through 7.4.3
FortiManager versions 7.6.0 through 7.6.1
FortiManager Cloud versions 7.4.1 through 7.4.3
FortiManager Cloud versions 7.6.0 through 7.6.1
Description

A weak authentication mechanism in the Security Fabric protocol of FortiAnalyzer and FortiManager may allow an unauthenticated remote attacker with network access to the Security Fabric interface and port to brute-force the authentication process. A successful brute-force attack bypasses authentication and lets the attacker take control of the devices in the Fabric, resulting in execution of unauthorized code or commands. No privileges or user interaction are required, which is reflected in the CVSS vector (AV:N/PR:N/UI:N).
Recommendations

Update FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud from the affected versions listed above (7.4.1 through 7.4.3 and 7.6.0 through 7.6.1) to a version that includes a fix for this issue.

As a temporary workaround until the update is applied, restrict access to the Security Fabric interface and port to trusted Fabric members only, and monitor that interface for repeated authentication failures, which are the signature of the brute-force attack described above.
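Since the attack is a brute-force of the Security Fabric authentication process, the practical detection while patching is rate-based: many authentication failures from one source in a short window, and especially a success that follows such a burst. The following is an added example written for this page, not code from the advisory or from Fortinet. The log format is constructed for illustration (an ISO timestamp followed by key=value fields); real FortiAnalyzer/FortiManager event logs must be mapped onto the same (timestamp, source, protocol, outcome) fields before feeding them in. Thresholds and the 60-second window are assumptions to be tuned per environment.

```python
"""Sliding-window brute-force detector for Security Fabric authentication failures.

Added example for this advisory page; not Fortinet code.  The log format and
sample lines below are constructed for illustration only.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs (hypothetical format: "<ISO time> src=<ip> proto=<name> auth=<fail|success>").
# 203.0.113.7 shows a fast burst followed by a success; 192.0.2.10 shows a
# low-and-slow attempt (one failure every five minutes) that a short window misses.
SAMPLE_LOGS = """\
2025-01-14T10:00:00 src=203.0.113.7 proto=fabric auth=fail
2025-01-14T10:00:02 src=203.0.113.7 proto=fabric auth=fail
2025-01-14T10:00:04 src=203.0.113.7 proto=fabric auth=fail
2025-01-14T10:00:06 src=203.0.113.7 proto=fabric auth=fail
2025-01-14T10:00:08 src=203.0.113.7 proto=fabric auth=fail
2025-01-14T10:00:09 src=203.0.113.7 proto=fabric auth=success
2025-01-14T10:00:10 src=192.0.2.10 proto=fabric auth=fail
2025-01-14T10:05:00 src=192.0.2.10 proto=fabric auth=fail
2025-01-14T10:10:00 src=192.0.2.10 proto=fabric auth=fail
2025-01-14T10:15:00 src=192.0.2.10 proto=fabric auth=fail
2025-01-14T10:20:00 src=192.0.2.10 proto=fabric auth=fail
2025-01-14T10:20:01 src=192.0.2.10 proto=fabric auth=success
"""


def parse_line(line):
    """Parse one constructed log line into a dict with a datetime under 'ts'."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts_str)
    return rec


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return alerts as (src, kind, failures_in_window, timestamp) tuples.

    kind is "bruteforce" when a source reaches `threshold` failures inside
    `window`, and "success_after_bruteforce" when a success follows such a
    burst from the same source, which is the takeover pattern to escalate.
    """
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerted = set()                 # sources already reported for bruteforce
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        rec = parse_line(raw)
        if rec.get("proto") != "fabric":
            continue
        src, ts = rec["src"], rec["ts"]
        q = failures[src]
        # Drop failures that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if rec["auth"] == "fail":
            q.append(ts)
            if len(q) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append((src, "bruteforce", len(q), ts))
        elif rec["auth"] == "success" and len(q) >= threshold:
            alerts.append((src, "success_after_bruteforce", len(q), ts))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS.splitlines()):
        print(alert)
```

On the sample data the burst from 203.0.113.7 raises both alert kinds, while the slow attempt from 192.0.2.10 raises none, because each failure has aged out of the 60-second window before the next arrives. That is the limit of a rate-based rule: a patient attacker stays under any threshold. Because the Security Fabric interface should only ever receive connections from known Fabric members, the stronger control is the one in the Recommendations (restrict the interface and port to trusted sources) together with alerting on any authentication failure from a source that is not an expected Fabric member, regardless of rate.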

Related Identifiers

BDU:2025-00471
CVE-2024-50563

Affected Products

Fortianalyzer
Fortianalyzer Cloud
Fortimanager
Fortimanager Cloud
Fortios