CVE-2024-21757 MEDIUM

CVE-2024-21757

Vendor Fortinet
Product FortiManager
Weakness CWE-620 · Unverified password change
Published August 13, 2024
Last update August 13, 2024

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C

What the vulnerability does

Description

An unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.

Key dates

Disclosure timeline

August 13, 2024 CVE published
August 13, 2024 Record updated