CVE-2024-47575

CVE Database · CVE-2024-47575

CVE-2024-47575

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

96.50%

Published

Oct 23, 2024

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2024-10-23 · Due: 2024-11-13

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (3)

All weaponized →

TrickestTrickest PoC index GitHub PoCwatchtowrlabs/Fortijump-Exploit-CVE-2024-47575★98 GitHub PoCAnnnNix/CVE-2024-47575★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-306

Affected Products (10)

fortinet · fortimanager (up to 6.2.13)vulnerable

fortinet · fortimanager (up to 6.4.15)vulnerable

fortinet · fortimanager (up to 7.0.13)vulnerable

fortinet · fortimanager (up to 7.2.8)vulnerable

fortinet · fortimanager (up to 7.4.5)vulnerable

fortinet · fortimanagervulnerable

fortinet · fortimanager_cloudvulnerable

fortinet · fortimanager_cloud (up to 7.0.13)vulnerable

fortinet · fortimanager_cloud

References (2)

https://fortiguard.fortinet.com/psirt/FG-IR-24-423

ExploitMitigationVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-47575

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs