CISA añade una vulnerabilidad explotada conocida al catálogo
Required CVE Record Information CNA: Fortinet, Inc. Published: 2024-10-23 Updated: 2024-10-23 Description A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests. CWE 1 Total Learn more CWE-306 : Execute unauthorized code or commands CVSS 1 Total Learn more Score Severity Version Vector String 9.8 CRITICAL 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C Product Status Learn more Vendor Fortinet Product FortiManager Versions 6 Total Default Status: unaffected affected affected at 7.6.0 affected from 7.4.0 through 7