CVE-2024-26011
Description
A missing authentication for critical function vulnerability in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows an attacker to execute unauthorized code or commands via specially crafted packets.
CVSS Details
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products 14
| Vendor | Product | Version | Range |
|---|---|---|---|
| fortinet | fortios | * | ≥6.0.0 – <7.0.15 |
| fortinet | fortios | * | ≥7.2.0 – <7.2.8 |
| fortinet | fortios | * | ≥7.4.0 – <7.4.4 |
| fortinet | fortipam | * | ≥1.0.0 – <1.3.0 |
| fortinet | fortiproxy | * | ≥1.0.0 – <7.0.17 |
| fortinet | fortiproxy | * | ≥7.2.0 – <7.2.10 |
| fortinet | fortiproxy | * | ≥7.4.0 – <7.4.4 |
| fortinet | fortimanager | * | ≥6.4.0 – <6.4.15 |
| fortinet | fortimanager | * | ≥7.0.0 – <7.0.12 |
| fortinet | fortimanager | * | ≥7.2.0 – <7.2.5 |
| fortinet | fortimanager | * | ≥7.4.0 – <7.4.3 |
| fortinet | fortiswitchmanager | * | ≥7.0.0 – <7.0.4 |
| fortinet | fortiswitchmanager | * | ≥7.2.0 – <7.2.4 |
| fortinet | fortiportal | * | ≥5.3.0 – <6.0.15 |
References 1
- fortiguard.fortinet.com https://fortiguard.fortinet.com/psirt/FG-IR-24-032
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.