CVE-2024-21757

A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.

Published: Aug 13, 2024
Updated: Aug 23, 2024
CVE: CVE-2024-21757
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
fortinet / fortimanager	7.4.0	7.4.2
fortinet / fortianalyzer	7.4.0	7.4.2
fortinet / fortianalyzer	7.2.0	7.2.5
fortinet / fortianalyzer	7.0.0	7.0.11
fortinet / fortimanager	7.0.0	7.0.11
fortinet / fortimanager	7.2.0	7.2.5

https://fortiguard.fortinet.com/psirt/FG-IR-23-467

Vulnerability Database

289,784

CVE-2024-21757