CVE-2024-21757

A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*

History

22 Aug 2024, 14:34

Type Values Removed Values Added
First Time Fortinet fortimanager
Fortinet
Fortinet fortianalyzer
Summary
  • (es) Un cambio de contraseña no verificado en Fortinet FortiManager versiones 7.0.0 a 7.0.10, versiones 7.2.0 a 7.2.4 y versiones 7.4.0 a 7.4.1, así como Fortinet FortiAnalyzer versiones 7.0.0 a 7.0.10, versiones 7.2.0 a 7.2.4 y las versiones 7.4.0 a 7.4.1 permiten a un atacante modificar las contraseñas de administrador a través de la copia de seguridad de la configuración del dispositivo.
CPE cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
References () https://fortiguard.fortinet.com/psirt/FG-IR-23-467 - () https://fortiguard.fortinet.com/psirt/FG-IR-23-467 - Vendor Advisory
CVSS v2 : unknown
v3 : 6.1
v2 : unknown
v3 : 7.8
CWE NVD-CWE-Other

13 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 16:15

Updated : 2024-08-22 14:34


NVD link : CVE-2024-21757

Mitre link : CVE-2024-21757

CVE.ORG link : CVE-2024-21757


JSON object : View

Products Affected

fortinet

  • fortianalyzer
  • fortimanager
CWE
NVD-CWE-Other CWE-620

Unverified Password Change