A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.
References
Link | Resource |
---|---|
https://fortiguard.fortinet.com/psirt/FG-IR-23-467 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
22 Aug 2024, 14:34
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fortinet fortimanager
Fortinet Fortinet fortianalyzer |
|
Summary |
|
|
CPE | cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* |
|
References | () https://fortiguard.fortinet.com/psirt/FG-IR-23-467 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CWE | NVD-CWE-Other |
13 Aug 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-13 16:15
Updated : 2024-08-22 14:34
NVD link : CVE-2024-21757
Mitre link : CVE-2024-21757
CVE.ORG link : CVE-2024-21757
JSON object : View
Products Affected
fortinet
- fortianalyzer
- fortimanager
CWE