PT-2025-1192 · Fortinet · FortiPortal, FortiManager

Published: 2025-01-14 · Updated: 2025-01-15 · CVE-2024-35277

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Fortinet FortiPortal versions 6.0.0 through 6.0.15
Fortinet FortiManager versions 6.4.0 through 6.4.14
Fortinet FortiManager versions 7.0.0 through 7.0.12
Fortinet FortiManager versions 7.2.0 through 7.2.5
Fortinet FortiManager versions 7.4.0 through 7.4.2

Description

The issue is a lack of authentication for a critical function in Fortinet products, which allows an attacker to access the configuration of managed devices by sending specially crafted packets. This can lead to unauthorized access to protected information.

Recommendations

For Fortinet FortiPortal versions 6.0.0 through 6.0.15, update to a version that includes the fix for this issue.
For Fortinet FortiManager versions 6.4.0 through 6.4.14, update to a version that includes the fix for this issue.
For Fortinet FortiManager versions 7.0.0 through 7.0.12, update to a version that includes the fix for this issue.
For Fortinet FortiManager versions 7.2.0 through 7.2.5, update to a version that includes the fix for this issue.
For Fortinet FortiManager versions 7.4.0 through 7.4.2, update to a version that includes the fix for this issue.

As a temporary workaround, consider restricting access to the critical function until a patch is available.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2025-00516
CVE-2024-35277

Affected Products

FortiManager
FortiPortal