CVE-2024-50563 : A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.

Published 2025-01-16 09:16:53

Updated 2025-02-03 21:54:18

Source Fortinet, Inc.

View at NVD, CVE.org

Products affected by CVE-2024-50563

Fortinet » Fortios
Versions from including (>=) 6.4.0 and before (<) 7.0.16
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortios
Versions from including (>=) 7.2.0 and before (<) 7.2.9
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortios
Versions from including (>=) 7.4.0 and before (<) 7.4.5
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortimanager
Versions from including (>=) 7.6.0 and before (<) 7.6.2
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortimanager
Versions from including (>=) 7.4.1 and before (<) 7.4.4
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortianalyzer
Versions from including (>=) 7.4.1 and before (<) 7.4.4
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortianalyzer
Versions from including (>=) 7.6.0 and before (<) 7.6.2
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortiproxy
Versions from including (>=) 7.2.0 and before (<) 7.2.11
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortiproxy
Versions from including (>=) 7.0.0 and before (<) 7.0.18
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortiproxy
Versions from including (>=) 7.4.0 and before (<) 7.4.5
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortiproxy
Versions from including (>=) 2.0.0 and before (<) 2.0.15
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortimanager » Version: 7.4.2
cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortimanager » Version: 7.4.1
cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortimanager » Version: 7.6.0
cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortimanager » Version: 7.4.3
cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortimanager » Version: 7.6.1
cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortianalyzer » Version: 7.4.3
cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortianalyzer » Version: 7.4.2
cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortianalyzer » Version: 7.4.1
cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortianalyzer » Version: 7.6.1
cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortianalyzer » Version: 7.6.0
cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortianalyzer Cloud
Versions from including (>=) 7.4.1 and before (<) 7.4.4
cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
Matching versions
Fortinet » Fortimanager Cloud
Versions from including (>=) 7.4.1 and before (<) 7.4.4
cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-50563

EPSS FAQ

0.14%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 36 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-50563

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.7	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/...	N/A	N/A	Fortinet, Inc.	2025-01-16
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST	2025-02-03
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.3	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	3.9	3.4	Fortinet, Inc.	2025-01-16
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low

CWE ids for CVE-2024-50563

CWE-1390 Weak Authentication

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.
Assigned by:
- 6abe59d8-c742-4dff-8ce8-9b0ca1073da8 (Primary)
- psirt@fortinet.com (Secondary)

References for CVE-2024-50563

https://fortiguard.fortinet.com/psirt/FG-IR-24-221

Mitigation;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2024-50563

Products affected by CVE-2024-50563

Exploit prediction scoring system (EPSS) score for CVE-2024-50563

CVSS scores for CVE-2024-50563

CWE ids for CVE-2024-50563

References for CVE-2024-50563