Vulnerability Description
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12, and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (the FortiCloud server and/or, in certain conditions, FortiManager) by intercepting the FGFM authentication request between the management device and the managed device.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiWeb | >= 7.4.0, < 7.4.3 |
| Fortinet | FortiVoice | >= 6.0.0, < 6.4.9 |
| Fortinet | FortiProxy | >= 2.0.0, < 7.0.16 |
| Fortinet | FortiOS | >= 6.4.0, < 7.0.16 |
| Fortinet | FortiManager | >= 6.2.0, < 6.2.14 |
| Fortinet | FortiAnalyzer | >= 6.2.0, < 6.2.14 |
Related Weaknesses (CWE)
- CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
References
- https://fortiguard.fortinet.com/psirt/FG-IR-24-046 (Vendor Advisory)
FAQ
What is CVE-2024-50565?
CVE-2024-50565 is a vulnerability with a CVSS score of 3.1 (LOW). An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through ...
How severe is CVE-2024-50565?
CVE-2024-50565 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2024-50565?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet FortiWeb, Fortinet FortiVoice, Fortinet FortiProxy, Fortinet FortiOS, Fortinet FortiManager.