CVE-2024-48886

{"id": "CVE-2024-48886", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-01-14T14:15:33.027", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-221", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-1390"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack."}, {"lang": "es", "value": "Una autenticaci\u00f3n d\u00e9bil en Fortinet FortiOS versiones 7.4.0 a 7.4.4, 7.2.0 a 7.2.8, 7.0.0 a 7.0.15, 6.4.0 a 6.4.15, FortiProxy versiones 7.4.0 a 7.4.4, 7.2.0 a 7.2.10, 7.0.0 a 7.0.17, 2.0.0 a 2.0.14, FortiManager versiones 7.6.0 a 7.6.1, 7.4.1 a 7.4.3, FortiManager Cloud versiones 7.4.1 a 7.4.3 y FortiAnalyzer Cloud versiones 7.4.1 a 7.4.3 permite a un atacante ejecutar c\u00f3digo o comandos no autorizados mediante un ataque de fuerza bruta."}], "lastModified": "2025-02-03T22:16:04.733", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF81840B-F269-4B40-8014-D4B18A2A016F", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.1"}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC9AD7A8-B390-4037-872B-02E1BEEDEC6C", "versionEndExcluding": "7.6.2", "versionStartIncluding": "7.6.0"}, {"criteria": "cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EA0888C-2D95-46ED-9BA9-F99072C02FE6", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.1"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7269FDB6-A1D4-4912-8751-87BA52614FDA", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.1"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "241A8930-4ADA-4380-AA42-F10B28487595", "versionEndExcluding": "7.6.2", "versionStartIncluding": "7.6.0"}, {"criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "164DEDC3-B1C0-42AC-9ADB-CE03CF6A71CC", "versionEndExcluding": "7.4.4", "versionStartIncluding": "7.4.1"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60E6EA0C-12E8-4EA7-901C-BEDE07BC88DA", "versionEndExcluding": "2.0.15", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D273F0B5-A9F3-460B-8E96-7BEB816A91D9", "versionEndExcluding": "7.0.18", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77A6D950-F8AE-4E12-9D43-C49BFE03B3D4", "versionEndExcluding": "7.2.11", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6794E3E0-7FC3-40D8-9568-20E6878E3EDB", "versionEndExcluding": "7.4.5", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA0532A5-31F2-4A92-BF31-6003E28AC948", "versionEndExcluding": "7.0.16", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "678EB0FA-2B29-4108-8378-C4803A543193", "versionEndExcluding": "7.2.9", "versionStartIncluding": "7.2.0"}, {"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A71AD879-997D-4787-A1E9-E4132AC521E2", "versionEndExcluding": "7.4.5", "versionStartIncluding": "7.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}