CVE-2024-26011

CVE Database · CVE-2024-26011

CVE-2024-26011

· MEDIUMAnalyzed

CVSS v3.1

5.3

EPSS

0.59%

Published

Nov 12, 2024

Modified

Dec 12, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-306CWE-306

Affected Products (14)

fortinet · fortios (up to 7.0.15)vulnerable

fortinet · fortios (up to 7.2.8)vulnerable

fortinet · fortios (up to 7.4.4)vulnerable

fortinet · fortipam (up to 1.3.0)vulnerable

fortinet · fortiproxy (up to 7.0.17)vulnerable

fortinet · fortiproxy (up to 7.2.10)vulnerable

fortinet · fortiproxy (up to 7.4.4)vulnerable

fortinet · fortimanager (up to 6.4.15)vulnerable

· fortimanager

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-032

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs