Vulnerability Description
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortianalyzer | >= 7.4.1, < 7.4.4 |
| Fortinet | Fortianalyzer Cloud | >= 7.4.1, < 7.4.4 |
| Fortinet | Fortimanager | >= 7.4.1, < 7.4.4 |
| Fortinet | Fortimanager Cloud | >= 7.4.1, < 7.4.4 |
| Fortinet | Fortiproxy | >= 2.0.0, < 2.0.15 |
| Fortinet | Fortios | >= 6.4.0, < 7.0.16 |
Related Weaknesses (CWE)
References
- https://fortiguard.fortinet.com/psirt/FG-IR-24-221Vendor Advisory
FAQ
What is CVE-2024-48886?
CVE-2024-48886 is a vulnerability with a CVSS score of 9.0 (CRITICAL). A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, ...
How severe is CVE-2024-48886?
CVE-2024-48886 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-48886?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortianalyzer, Fortinet Fortianalyzer Cloud, Fortinet Fortimanager, Fortinet Fortimanager Cloud, Fortinet Fortiproxy.