QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-26011

Back to search

CVE-2024-26011

Published: Nov 12, 2024

Modified: Nov 13, 2024

PUBLISHED

CVSS v3.1

5.2

MEDIUM

Description

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets.

VendorProductVersions

Fortinet

FortiManager

affected
7.4.0 - <= 7.4.2
affected
7.2.0 - <= 7.2.4
affected
7.0.0 - <= 7.0.11
affected
6.4.0 - <= 6.4.14

Fortinet

FortiSwitchManager

affected
7.2.0 - <= 7.2.3
affected
7.0.0 - <= 7.0.3

Fortinet

FortiPAM

affected
1.2.0
affected
1.1.0 - <= 1.1.2
affected
1.0.0 - <= 1.0.3

Fortinet

FortiProxy

affected
7.4.0 - <= 7.4.2
affected
7.2.0 - <= 7.2.9
affected
7.0.0 - <= 7.0.19
affected
2.0.0 - <= 2.0.14
affected
1.2.0 - <= 1.2.13

+2 more versions

Fortinet

FortiPortal

affected
6.0.0 - <= 6.0.14
affected
5.3.0 - <= 5.3.8

Fortinet

FortiOS

affected
7.4.0 - <= 7.4.3
affected
7.2.0 - <= 7.2.7
affected
7.0.0 - <= 7.0.14
affected
6.4.0 - <= 6.4.15
affected
6.2.0 - <= 6.2.16

+1 more versions

Weaknesses (CWE)

CWE-306

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:U/RC:C

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now