CVE-2024-47575

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.

Published: Oct 23, 2024
Updated: May 4, 2025
CVE: CVE-2024-47575
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-306

Affected Software
References

Software	From	Fixed in
fortinet / fortimanager_cloud	6.4.1	6.4.7.x
fortinet / fortimanager_cloud	7.0.1	7.0.13
fortinet / fortimanager_cloud	7.2.1	7.2.8
fortinet / fortimanager_cloud	7.4.1	7.4.5
fortinet / fortimanager	6.2.0	6.2.13
fortinet / fortimanager	6.4.0	6.4.15
fortinet / fortimanager	7.0.0	7.0.13
fortinet / fortimanager	7.2.0	7.2.8
fortinet / fortimanager	7.6.0	7.6.0.x
fortinet / fortimanager	7.4.0	7.4.5

https://fortiguard.fortinet.com/psirt/FG-IR-24-423

Vulnerability Database

289,782

CVE-2024-47575