CVE-2024-50563 MEDIUM

CVE-2024-50563

Vendor Fortinet
Product FortiAnalyzer
Weakness CWE-1390
Published January 16, 2025
Last update January 16, 2025

CVSS base score

6.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:C

What the vulnerability does

01Description

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.

Key dates

02Disclosure timeline

January 16, 2025 CVE published
January 16, 2025 Record updated