CVE-2024-50566 (GCVE-0-2024-50566)
Vulnerability from cvelistv5 – Published: 2025-01-14 14:08 – Updated: 2025-01-14 20:57 – CWE-78 – Execute unauthorized code or commands
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiManager | Affected: 7.6.0 , ≤ 7.6.1 (semver); Affected: 7.4.0 , ≤ 7.4.5 (semver); Affected: 7.2.1 , ≤ 7.2.8 (semver) | cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T15:16:49.654273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T20:57:06.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.6.1",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.5",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.8",
"status": "affected",
"version": "7.2.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:08:35.384Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-463",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-463"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiManager version 7.6.2 or above \nPlease upgrade to FortiManager version 7.4.6 or above \nPlease upgrade to FortiManager version 7.2.9 or above \nPlease upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.5 or above \nPlease upgrade to FortiManager Cloud version 7.2.8 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-50566",
"datePublished": "2025-01-14T14:08:35.384Z",
"dateReserved": "2024-10-24T11:52:14.401Z",
"dateUpdated": "2025-01-14T20:57:06.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.\"}]",
"id": "CVE-2024-50566",
"lastModified": "2025-01-14T14:15:33.650",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@fortinet.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}]}",
"published": "2025-01-14T14:15:33.650",
"references": "[{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-463\", \"source\": \"psirt@fortinet.com\"}]",
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Received",
"weaknesses": "[{\"source\": \"psirt@fortinet.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-50566\",\"sourceIdentifier\":\"psirt@fortinet.com\",\"published\":\"2025-01-14T14:15:33.650\",\"lastModified\":\"2025-02-03T22:09:31.510\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.\"},{\"lang\":\"es\",\"value\":\"Una neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo (\u0027inyecci\u00f3n de comando del sistema operativo\u0027) en Fortinet FortiManager versiones 7.6.0 a 7.6.1, versiones 7.4.5 a 7.4.0 y versiones 7.2.1 a 7.2.8, FortiManager Cloud versiones 7.6.0 a 7.6.1, versiones 7.4.0 a 7.4.4 y versiones 7.2.2 a 7.2.7 puede permitir que un atacante remoto autenticado ejecute c\u00f3digo no autorizado a trav\u00e9s de solicitudes FGFM 
manipuladas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@fortinet.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.2.1\",\"versionEndExcluding\":\"7.2.9\",\"matchCriteriaId\":\"CBA16B3B-9767-4B61-BA35-2DDF70D66D09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndExcluding\":\"7.4.6\",\"matchCriteriaId\":\"24796E3A-DDCB-4949-9080-5DCEEECF0B6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.6.0\",\"versionEndExcluding\":\"7.6.2\",\"matchCriteriaId\":\"241A8930-4ADA-4380-AA42-F10B28487595\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*\",\"versionStartI
ncluding\":\"7.2.2\",\"versionEndExcluding\":\"7.2.8\",\"matchCriteriaId\":\"57B085BA-AF25-4EE9-8EC6-BD588F3C90CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.4.0\",\"versionEndExcluding\":\"7.4.5\",\"matchCriteriaId\":\"9FBDCAD3-019A-4F46-AB5D-448E525E4E94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.6.0\",\"versionEndExcluding\":\"7.6.2\",\"matchCriteriaId\":\"3C4D647A-5EA1-4047-9E59-987FC8A74F0B\"}]}]}],\"references\":[{\"url\":\"https://fortiguard.fortinet.com/psirt/FG-IR-24-463\",\"source\":\"psirt@fortinet.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-50566\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-14T15:16:49.654273Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-14T15:16:51.009Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:X\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*\", \"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*\"], \"vendor\": \"Fortinet\", \"product\": \"FortiManager\", 
\"versions\": [{\"status\": \"affected\", \"version\": \"7.6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.6.1\"}, {\"status\": \"affected\", \"version\": \"7.4.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.4.5\"}, {\"status\": \"affected\", \"version\": \"7.2.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.2.8\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Please upgrade to FortiManager version 7.6.2 or above \\nPlease upgrade to FortiManager version 7.4.6 or above \\nPlease upgrade to FortiManager version 7.2.9 or above \\nPlease upgrade to FortiManager Cloud version 7.6.2 or above \\nPlease upgrade to FortiManager Cloud version 7.4.5 or above \\nPlease upgrade to FortiManager Cloud version 7.2.8 or above\"}], \"references\": [{\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-463\", \"name\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-463\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"Execute unauthorized code or commands\"}]}], \"providerMetadata\": {\"orgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"shortName\": \"fortinet\", \"dateUpdated\": \"2025-01-14T14:08:35.384Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-50566\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-14T20:57:06.777Z\", \"dateReserved\": \"2024-10-24T11:52:14.401Z\", \"assignerOrgId\": \"6abe59d8-c742-4dff-8ce8-9b0ca1073da8\", \"datePublished\": \"2025-01-14T14:08:35.384Z\", \"assignerShortName\": \"fortinet\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CNVD-2025-02528
Vulnerability from cnvd - Published: 2025-02-06 - 厂商已发布了漏洞修复程序，请及时关注更新：https://fortiguard.fortinet.com/psirt/FG-IR-24-463
| Name | ['Fortinet FortiManager >=7.6.0,<=7.6.1', 'Fortinet fortimanager cloud >=7.6.0,<=7.6.1', 'Fortinet fortimanager cloud >=7.4.0,<=7.4.4', 'Fortinet fortimanager cloud >=7.2.2,<=7.2.7', 'Fortinet FortiManager >=7.4.0,<=7.4.5', 'Fortinet FortiManager >=7.2.1,<=7.2.8'] |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-50566",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-50566"
}
},
"description": "Fortinet FortiManager\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u96c6\u4e2d\u5316\u7f51\u7edc\u5b89\u5168\u7ba1\u7406\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u96c6\u4e2d\u7ba1\u7406\u4efb\u610f\u6570\u91cf\u7684Fortinet\u8bbe\u5907\uff0c\u5e76\u80fd\u591f\u5c06\u8bbe\u5907\u5206\u7ec4\u5230\u4e0d\u540c\u7684\u7ba1\u7406\u57df\uff08ADOM\uff09\u8fdb\u4e00\u6b65\u7b80\u5316\u591a\u8bbe\u5907\u5b89\u5168\u90e8\u7f72\u4e0e\u7ba1\u7406\u3002\n\nFortinet FortiManager\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u4e2d\u4f7f\u7528\u7684\u7279\u6b8a\u5143\u7d20\u7684\u4e0d\u5f53\u4e2d\u548c\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7FGFM\u7cbe\u5fc3\u8bbe\u8ba1\u7684\u8bf7\u6c42\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://fortiguard.fortinet.com/psirt/FG-IR-24-463",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-02528",
"openTime": "2025-02-06",
"patchDescription": "Fortinet FortiManager\u662f\u7f8e\u56fd\u98de\u5854\uff08Fortinet\uff09\u516c\u53f8\u7684\u4e00\u5957\u96c6\u4e2d\u5316\u7f51\u7edc\u5b89\u5168\u7ba1\u7406\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u96c6\u4e2d\u7ba1\u7406\u4efb\u610f\u6570\u91cf\u7684Fortinet\u8bbe\u5907\uff0c\u5e76\u80fd\u591f\u5c06\u8bbe\u5907\u5206\u7ec4\u5230\u4e0d\u540c\u7684\u7ba1\u7406\u57df\uff08ADOM\uff09\u8fdb\u4e00\u6b65\u7b80\u5316\u591a\u8bbe\u5907\u5b89\u5168\u90e8\u7f72\u4e0e\u7ba1\u7406\u3002\r\n\r\nFortinet FortiManager\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u4e2d\u4f7f\u7528\u7684\u7279\u6b8a\u5143\u7d20\u7684\u4e0d\u5f53\u4e2d\u548c\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7FGFM\u7cbe\u5fc3\u8bbe\u8ba1\u7684\u8bf7\u6c42\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Fortinet FortiManager\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Fortinet FortiManager \u003e=7.6.0\uff0c\u003c=7.6.1",
"Fortinet fortimanager cloud \u003e=7.6.0\uff0c\u003c=7.6.1",
"Fortinet fortimanager cloud \u003e=7.4.0\uff0c\u003c=7.4.4",
"Fortinet fortimanager cloud \u003e=7.2.2\uff0c\u003c=7.2.7",
"Fortinet FortiManager \u003e=7.4.0\uff0c\u003c=7.4.5",
"Fortinet FortiManager \u003e=7.2.1\uff0c\u003c=7.2.8"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-50566",
"serverity": "\u9ad8",
"submitTime": "2025-01-23",
"title": "Fortinet FortiManager\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}
WID-SEC-W-2025-0087
Vulnerability from csaf_certbund - Published: 2025-01-14 23:00 - Updated: 2025-01-14 23:00
Notes
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FortiManager Security Management Appliances erm\u00f6glicht die Verwaltung von Fortinet Network Security Ger\u00e4ten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Fortinet FortiManager ausnutzen, um Daten zu manipulieren, Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, und Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0087 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0087.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0087 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0087"
},
{
"category": "external",
"summary": "FortiGuard PSIRT Advisory FG-IR-24-097 vom 2025-01-14",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-097"
},
{
"category": "external",
"summary": "FortiGuard PSIRT Advisory FG-IR-24-135 vom 2025-01-14",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-135"
},
{
"category": "external",
"summary": "FortiGuard PSIRT Advisory FG-IR-24-222 vom 2025-01-14",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-222"
},
{
"category": "external",
"summary": "FortiGuard PSIRT Advisory FG-IR-24-239 vom 2025-01-14",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-239"
},
{
"category": "external",
"summary": "FortiGuard PSIRT Advisory FG-IR-24-463 vom 2025-01-14",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-463"
}
],
"source_lang": "en-US",
"title": "Fortinet FortiManager: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-01-14T23:00:00.000+00:00",
"generator": {
"date": "2025-01-15T11:43:20.368+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2025-0087",
"initial_release_date": "2025-01-14T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-01-14T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.4.15",
"product": {
"name": "Fortinet FortiManager \u003c6.4.15",
"product_id": "1674908"
}
},
{
"category": "product_version",
"name": "6.4.15",
"product": {
"name": "Fortinet FortiManager 6.4.15",
"product_id": "1674908-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:6.4.15"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.0.13",
"product": {
"name": "Fortinet FortiManager \u003c7.0.13",
"product_id": "1674909"
}
},
{
"category": "product_version",
"name": "7.0.13",
"product": {
"name": "Fortinet FortiManager 7.0.13",
"product_id": "1674909-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:7.0.13"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.2.8",
"product": {
"name": "Fortinet FortiManager \u003c7.2.8",
"product_id": "1674910"
}
},
{
"category": "product_version",
"name": "7.2.8",
"product": {
"name": "Fortinet FortiManager 7.2.8",
"product_id": "1674910-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:7.2.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.4.5",
"product": {
"name": "Fortinet FortiManager \u003c7.4.5",
"product_id": "1675287"
}
},
{
"category": "product_version",
"name": "7.4.5",
"product": {
"name": "Fortinet FortiManager 7.4.5",
"product_id": "1675287-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:7.4.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.4.3",
"product": {
"name": "Fortinet FortiManager \u003c7.4.3",
"product_id": "1697231"
}
},
{
"category": "product_version",
"name": "7.4.3",
"product": {
"name": "Fortinet FortiManager 7.4.3",
"product_id": "1697231-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:7.4.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.4.4",
"product": {
"name": "Fortinet FortiManager \u003c7.4.4",
"product_id": "1697232"
}
},
{
"category": "product_version",
"name": "7.4.4",
"product": {
"name": "Fortinet FortiManager 7.4.4",
"product_id": "1697232-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:7.4.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.2.6",
"product": {
"name": "Fortinet FortiManager \u003c7.2.6",
"product_id": "T039043"
}
},
{
"category": "product_version",
"name": "7.2.6",
"product": {
"name": "Fortinet FortiManager 7.2.6",
"product_id": "T039043-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:7.2.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.6.2",
"product": {
"name": "Fortinet FortiManager \u003c7.6.2",
"product_id": "T040172"
}
},
{
"category": "product_version",
"name": "7.6.2",
"product": {
"name": "Fortinet FortiManager 7.6.2",
"product_id": "T040172-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:7.6.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.4.6",
"product": {
"name": "Fortinet FortiManager \u003c7.4.6",
"product_id": "T040173"
}
},
{
"category": "product_version",
"name": "7.4.6",
"product": {
"name": "Fortinet FortiManager 7.4.6",
"product_id": "T040173-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:7.4.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.2.9",
"product": {
"name": "Fortinet FortiManager \u003c7.2.9",
"product_id": "T040174"
}
},
{
"category": "product_version",
"name": "7.2.9",
"product": {
"name": "Fortinet FortiManager 7.2.9",
"product_id": "T040174-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:7.2.9"
}
}
},
{
"category": "product_version_range",
"name": "\u003c6.4.13",
"product": {
"name": "Fortinet FortiManager \u003c6.4.13",
"product_id": "T040346"
}
},
{
"category": "product_version",
"name": "6.4.13",
"product": {
"name": "Fortinet FortiManager 6.4.13",
"product_id": "T040346-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:6.4.13"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.4.1",
"product": {
"name": "Fortinet FortiManager \u003c7.4.1",
"product_id": "T040347"
}
},
{
"category": "product_version",
"name": "7.4.1",
"product": {
"name": "Fortinet FortiManager 7.4.1",
"product_id": "T040347-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:7.4.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.2.4",
"product": {
"name": "Fortinet FortiManager \u003c7.2.4",
"product_id": "T040348"
}
},
{
"category": "product_version",
"name": "7.2.4",
"product": {
"name": "Fortinet FortiManager 7.2.4",
"product_id": "T040348-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:7.2.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.0.9",
"product": {
"name": "Fortinet FortiManager \u003c7.0.9",
"product_id": "T040350"
}
},
{
"category": "product_version",
"name": "7.0.9",
"product": {
"name": "Fortinet FortiManager 7.0.9",
"product_id": "T040350-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:fortinet:fortimanager:7.0.9"
}
}
}
],
"category": "product_name",
"name": "FortiManager"
}
],
"category": "vendor",
"name": "Fortinet"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-32115",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Fortinet FortiManager. Hierbei handelt es sich um ein Path Traversal Problem in der Administrationsschnittstelle. Ein entfernter, authentisierter Angreifer mit erh\u00f6hten Rechten kann diese Schwachstelle ausnutzen, um Dateien aus dem zugrunde liegenden Dateisystem \u00fcber manipulierte HTTP- oder HTTPS-Anfragen zu l\u00f6schen."
}
],
"product_status": {
"known_affected": [
"T039043",
"T040350",
"1674909",
"T040348",
"T040347",
"1697231"
]
},
"release_date": "2025-01-14T23:00:00.000+00:00",
"title": "CVE-2024-32115"
},
{
"cve": "CVE-2024-35277",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Fortinet FortiManager. Diese besteht aufgrund einer fehlenden Authentifizierung f\u00fcr kritische Funktionen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Konfiguration aller verwalteten Ger\u00e4te zu extrahieren."
}
],
"product_status": {
"known_affected": [
"T039043",
"T040350",
"1674909",
"T040348",
"T040347",
"1674908",
"1697231",
"T040346"
]
},
"release_date": "2025-01-14T23:00:00.000+00:00",
"title": "CVE-2024-35277"
},
{
"cve": "CVE-2024-46662",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Fortinet FortiManager. Ursache ist eine unsachgem\u00e4\u00dfe Neutralisierung spezieller Elemente die im csfd-Daemon verwendet werden. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um nicht autorisierte Befehle \u00fcber speziell gestaltete Pakete auszuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"1697231",
"T040347",
"1697232"
]
},
"release_date": "2025-01-14T23:00:00.000+00:00",
"title": "CVE-2024-46662"
},
{
"cve": "CVE-2024-47571",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Fortinet FortiManager. Fortigate-Administratorkonten werden nicht sachgem\u00e4\u00df gel\u00f6scht. Ein Angreifer kann diese Schwachstelle ausnutzen, um sich weiterhin mit den alten Anmeldedaten bei FortiGate anzumelden."
}
],
"product_status": {
"known_affected": [
"T040350",
"T040348",
"T040347",
"T040346"
]
},
"release_date": "2025-01-14T23:00:00.000+00:00",
"title": "CVE-2024-47571"
},
{
"cve": "CVE-2024-50566",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Fortinet FortiManager. Die Ursache ist eine unsachgem\u00e4\u00dfe Neutralisierung spezieller Elemente f\u00fcr OS-Befehle. Ein entfernter, authentisierter Angreifer mit erh\u00f6hten Rechten kann diese Schwachstelle ausnutzen, um nicht autorisierten Code \u00fcber von FGFM erstellte Anfragen auszuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T039043",
"1674910",
"T040174",
"T040173",
"T040172",
"1675287",
"T040348",
"1674908",
"1697231",
"T040347",
"1697232"
]
},
"release_date": "2025-01-14T23:00:00.000+00:00",
"title": "CVE-2024-50566"
}
]
}
CERTFR-2024-ALE-014
Vulnerability from certfr_alerte - Published: 2024-10-30 - Updated: 2025-03-31
[Mise à jour du 14 janvier 2025] Publication des correctifs
Le 14 janvier 2025, Fortinet a publié un avis de sécurité relatif à la vulnérabilité CVE-2024-50566 qui correspond à la vulnérabilité de type jour-zéro pour laquelle une preuve de concept a été publiée en novembre 2024. Des correctifs de sécurité sont désormais disponibles et doivent être appliqués.
[Mise à jour du 15 novembre 2024] Le CERT-FR a connaissance d'une vulnérabilité de type jour-zéro non couverte par le correctif FG-IR-24-423.
Le 14 novembre 2024, le CERT-FR a pris connaissance d'une preuve de concept publique permettant l'exploitation d'une vulnérabilité de type jour-zéro affectant l'ensemble des équipements FortiManager et FortiAnalyzer avec la fonctionnalité FortiManager.
Cette vulnérabilité permet à un attaquant contrôlant un équipement FortiGate enregistré de prendre le contrôle de l'équipement FortiManager associé, même sur les versions les plus à jour. Un attaquant peut donc, depuis un équipement FortiGate compromis, se latéraliser vers un équipement FortiManager puis vers d'autres équipements FortiGate même si ces derniers ne sont pas exposés sur Internet et qu'ils bénéficient des derniers correctifs de sécurité.
[Publication initiale]
Une vulnérabilité a été découverte dans Fortinet FortiManager. Elle permet à un attaquant non authentifié de provoquer une exécution de code arbitraire à distance.
Fortinet indique que la vulnérabilité CVE-2024-47575 est activement exploitée. L'éditeur précise qu'en exploitant cette vulnérabilité, un attaquant est en mesure d'exfiltrer des données contenant des adresses IP, des secrets et des configurations des équipements gérés par le FortiManager.
Mesures de contournement
L'éditeur propose plusieurs mesures de contournement si la mise à jour est impossible dans l'immédiat. Celles-ci varient en fonction de la version de l'équipement et peuvent entraîner des effets de bord voire être contournées dans certaines situations.
Solutions
[Mise à jour du 14 janvier 2025] Publication des correctifs
Le 14 janvier 2025, Fortinet a publié un avis de sécurité relatif à la vulnérabilité CVE-2024-50566. Les mises à jour de sécurité sont disponibles et doivent être appliquées. Veuillez vous référer à l'avis éditeur (FG-IR-24-463) pour la liste des versions correctives.
[Mise à jour du 24 octobre 2024] Précisions relatives aux recommandations du CERT-FR.
Le CERT-FR n'exclut pas la possibilité d'exploitations réalisées dans les mois précédant la publication de l'avis de l'éditeur. Il est donc nécessaire de chercher les indicateurs de compromission mis à disposition par l'éditeur sur une période de temps correspondante. Le CERT-FR recommande également de faire une recherche en utilisant les indicateurs détaillés dans le billet de blogue de Mandiant [4]. Note : ces indicateurs n'ont pas été qualifiés par le CERT-FR.
Des risques d'exploitation depuis l'intérieur du système d'information via un équipement préalablement compromis, ou un relais applicatif, sont possibles. Le CERT-FR recommande donc d'effectuer une recherche de compromission sur les équipements non-exposés sur Internet.
En cas de compromission ou de suspicion de compromission : * signaler l’événement auprès du CERT-FR en mettant en copie vos éventuels CSIRTs métier ; * rechercher toutes traces de latéralisation sur le reste du système d’information, notamment : * en cherchant les connexions ou tentatives de connexion vers Internet depuis l'équipement compromis ; * puis en cherchant ces adresses IP de destination pour vérifier si d’autres machines ont tenté une connexion ; * en identifiant l'ensemble des équipements Fortinet gérés par le FortiManager puis en examinant leurs journaux.
[Publication initiale] Des versions correctives sont disponibles pour la majorité des versions impactées. Le CERT-FR recommande l'application des mises à jour de sécurité dans les plus brefs délais. Pour les versions 6.4.x, 7.0 et 7.2 de FortiManager Cloud, l'éditeur indique de mettre à jour vers la version 7.4.5 ou ultérieure.
Fortinet met à disposition différents indicateurs de compromission dans son avis de sécurité.
En cas de suspicion de compromission, il est recommandé de consulter les bons réflexes en cas d'intrusion sur votre système d'information [1], ainsi que les fiches réflexe sur la compromission système [2] [3].
L'éditeur propose, dans son bulletin, des méthodes de remédiation. Néanmoins, le CERT-FR recommande tout d'abord d'isoler les équipements compromis du réseau et de réaliser un gel de données (instantané pour les machines virtuelles, isolement de l’équipement s’il s’agit d’une machine physique) à des fins d’investigations approfondies.
[Mise à jour du 14 janvier 2025] Publication des correctifs
L'éditeur a publié des correctifs pour la vulnérabilité de type jour-zéro désormais identifiée en tant que CVE-2024-50566. La liste des systèmes affectés a été mise à jour.
[Mise à jour du 15 novembre 2024] Le CERT-FR a connaissance d'une vulnérabilité de type jour-zéro
Le CERT-FR a connaissance d'une vulnérabilité de type jour-zéro affectant l'ensemble des équipements FortiManager et FortiAnalyzer avec la fonctionnalité FortiManager.
[Mise à jour du 24 octobre 2024] Mise à jour des systèmes affectés
L'éditeur a indiqué avoir publié de nouvelles versions correctives pour FortiManager Cloud. Fortinet précise que certains équipements FortiAnalyzer sont également affectés. L'identification de ces équipements est précisée dans le bulletin éditeur.
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.9 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer modèles 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, 3900E avec la fonctionnalité FortiManager | ||
| Fortinet | FortiManager | FortiManager versions 6.4.x antérieures à 6.4.15 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.13 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiManager | FortiManager versions 6.2.x antérieures à 6.2.13 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 6.4.x à 7.0.x antérieures à 7.0.13 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer mod\u00e8les 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, 3900E avec la fonctionnalit\u00e9 FortiManager",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.13",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 6.4.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 14 janvier 2025]\u003c/span\u003e** \u003cspan class=\"important-content\"\u003e**Publication des correctifs**\u003c/span\u003e\n\nL\u0027\u00e9diteur a publi\u00e9 des correctifs pour la vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro d\u00e9sormais identifi\u00e9e en tant que CVE-2024-50566. La liste des syst\u00e8mes affect\u00e9s a \u00e9t\u00e9 mise \u00e0 jour.\n\n**[Mise \u00e0 jour du 15 novembre 2024]** Le CERT-FR a connaissance d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro\n\nLe CERT-FR a connaissance d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro affectant l\u0027ensemble des \u00e9quipements FortiManager et FortiAnalyzer avec la fonctionnalit\u00e9 FortiManager.\n\n**[Mise \u00e0 jour du 24 octobre 2024]Mise \u00e0 jour des syst\u00e8mes affect\u00e9s**\n\nL\u0027\u00e9diteur a indiqu\u00e9 avoir publi\u00e9 de nouvelles versions correctives pour FortiManager Cloud. Fortinet pr\u00e9cise que certains \u00e9quipements FortiAnalyser sont \u00e9galement affect\u00e9s. L\u0027identification de ces \u00e9quipements est pr\u00e9cis\u00e9e dans le bulletin \u00e9diteur. ",
"closed_at": "2025-03-31",
"content": "##\u00a0Mesures de contournement\n\nL\u0027\u00e9diteur propose plusieurs mesures de contournement si la mise \u00e0 jour est impossible dans l\u0027imm\u00e9diat. Celles-ci varient en fonction de la version de l\u0027\u00e9quipement et peuvent entra\u00eener des effets de bord voire \u00eatre contourn\u00e9es dans certaines situations.\n\n## Solutions\n\n**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 14 janvier 2025]\u003c/span\u003e** \u003cspan class=\"important-content\"\u003e**Publication des correctifs**\u003c/span\u003e\n\nLe 14 janvier 2025, Fortinet a publi\u00e9 un avis de s\u00e9curit\u00e9 relatif \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2024-50566. Les mises \u00e0 jour de s\u00e9curit\u00e9 sont disponibles et doivent \u00eatre appliqu\u00e9es. Veuillez-vous r\u00e9f\u00e9rer \u00e0 l\u0027avis \u00e9diteur (FG-IR-24-463) pour la liste des versions correctives.\n\n**[Mise \u00e0 jour du 24 octobre 2024] Pr\u00e9cisions relatives aux recommandations du CERT-FR.**\n\nLe CERT-FR n\u0027exclut pas la possibilit\u00e9 d\u0027exploitations r\u00e9alis\u00e9es dans les mois pr\u00e9c\u00e9dant la publication de l\u0027avis de l\u0027\u00e9diteur. Il est donc n\u00e9cessaire de chercher les indicateurs de compromissions mis \u00e0 disposition par l\u0027\u00e9diteur sur une p\u00e9riode de temps correspondante. Le CERT-FR recommande \u00e9galement de faire une recherche en utilisant les indicateurs d\u00e9taill\u00e9s dans le billet de blogue de Mandiant [4]. *Note : Ces indicateurs n\u0027ont pas \u00e9t\u00e9 qualifi\u00e9s par le CERT-FR.*\n\nDes risques d\u0027exploitation depuis l\u0027int\u00e9rieur du syst\u00e8me d\u0027information via un \u00e9quipement pr\u00e9alablement compromis, ou un relais applicatif, sont possibles. 
Le CERT-FR recommande donc d\u0027effectuer une recherche de compromission sur les \u00e9quipements non-expos\u00e9s sur Internet.\n\n\nEn cas de compromission ou de suspicion de compromission: \n* signaler l\u2019\u00e9v\u00e9nement aupr\u00e8s du CERT-FR en mettant en copie vos \u00e9ventuels CSIRTs m\u00e9tier ;\n* rechercher toutes traces de lat\u00e9ralisation sur le reste du syst\u00e8me d\u2019information, notamment :\n * en cherchant les connexions ou tentatives de connexion vers Internet depuis l\u0027\u00e9quipement compromis ;\n * puis en cherchant ces adresses IP de destination pour v\u00e9rifier si d\u2019autres machines ont tent\u00e9 une connexion ; \n * en identifiant l\u0027ensemble des \u00e9quipement Fortinet g\u00e9r\u00e9s par le FortiManager puis en examinant leurs journaux.\n\n**[Publication initiale]**\nDes versions correctives sont disponibles pour la majorit\u00e9 des versions impact\u00e9es. Le CERT-FR recommande l\u0027application des mises \u00e0 jour de s\u00e9curit\u00e9 dans les plus brefs d\u00e9lais.\nPour les versions 6.4.x, 7.0 et 7.2 de FortiManager Cloud, l\u0027\u00e9diteur indique de mettre \u00e0 jour vers la version 7.4.5 ou ult\u00e9rieure. \n\nFortinet met \u00e0 disposition diff\u00e9rents indicateurs de compromission dans son avis de s\u00e9curit\u00e9.\n\nEn cas de suspicion de compromission, il est recommand\u00e9 de consulter les [bons r\u00e9flexes en cas d\u0027intrusion sur votre syst\u00e8me d\u0027information](https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/) [1], ainsi que les fiches r\u00e9flexe sur la compromission syst\u00e8me [2] [3].\n\nL\u0027\u00e9diteur propose, dans son bulletin, des m\u00e9thodes de rem\u00e9diation. 
N\u00e9anmoins, le CERT-FR recommande tout d\u0027abord d\u0027isoler les \u00e9quipements compromis du r\u00e9seau et de r\u00e9aliser un gel de donn\u00e9es (instantan\u00e9 pour les machines virtuelles, isolement de l\u2019\u00e9quipement s\u2019il s\u2019agit d\u2019une machine physique) \u00e0 des fins d\u2019investigations approfondies. ",
"cves": [
{
"name": "CVE-2024-50566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50566"
},
{
"name": "CVE-2024-47575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47575"
}
],
"initial_release_date": "2024-10-30T00:00:00",
"last_revision_date": "2025-03-31T00:00:00",
"links": [
{
"title": "Avis CERTFR-2025-AVI-0030 du 14 janvier 2025",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0030/"
},
{
"title": "[4] Billet de blogue de Mandiant du 24 octobre 2024",
"url": "https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575?hl=en"
},
{
"title": "[3] Fiche r\u00e9flexe Compromission syst\u00e8me - Endiguement",
"url": "https://www.cert.ssi.gouv.fr/fiche/CERTFR-2024-RFX-006/"
},
{
"title": "[1] Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
"url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
},
{
"title": "[2]\u00a0Fiche r\u00e9flexe Compromission syst\u00e8me - Qualification",
"url": "https://www.cert.ssi.gouv.fr/fiche/CERTFR-2024-RFX-005/"
},
{
"title": "Avis CERTFR-2024-AVI-0917 du 23 octobre 2024",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0917"
}
],
"reference": "CERTFR-2024-ALE-014",
"revisions": [
{
"description": "Mise \u00e0 jour concernant la disponibilit\u00e9 de correctifs",
"revision_date": "2024-10-30T00:00:00.000000"
},
{
"description": "Reformulation",
"revision_date": "2024-11-21T00:00:00.000000"
},
{
"description": "Publication des correctifs de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-50566",
"revision_date": "2025-01-14T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour des syst\u00e8mes affect\u00e9s et des recommandations du CERT-FR",
"revision_date": "2024-10-24T00:00:00.000000"
},
{
"description": "Le CERT-FR a connaissance d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro permettant de contourner partiellement le correctif FG-IR-24-423.",
"revision_date": "2024-11-15T00:00:00.000000"
},
{
"description": " Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
"revision_date": "2025-03-31T00:00:00.000000"
},
{
"description": "Version initiale",
"revision_date": "2024-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 14 janvier 2025]\u003c/span\u003e** \u003cspan class=\"important-content\"\u003e**Publication des correctifs**\u003c/span\u003e\n\nLe 14 janvier 2025, Fortinet a publi\u00e9 un avis de s\u00e9curit\u00e9 relatif \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2024-50566 qui correspond \u00e0 la vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro pour laquelle une preuve de concept a \u00e9t\u00e9 publi\u00e9e en novembre 2024. Des correctifs de s\u00e9curit\u00e9 sont d\u00e9sormais disponibles et doivent \u00eatre appliqu\u00e9s.\n\n**[Mise \u00e0 jour du 15 novembre 2024]** Le CERT-FR a connaissance d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro non couverte par le correctif FG-IR-24-423.\n\nLe 14 novembre 2024, le CERT-FR a pris connaissance d\u0027une preuve de concept publique permettant l\u0027exploitation d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro affectant l\u0027ensemble des \u00e9quipements FortiManager et FortiAnalyzer avec la fonctionnalit\u00e9 FortiManager.\n\u003c/span\u003e\n\u003c/br\u003e\u003c/br\u003e\nCette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant contr\u00f4lant un \u00e9quipement FortiGate enregistr\u00e9 de prendre le contr\u00f4le de l\u0027\u00e9quipement FortiManager associ\u00e9, m\u00eame sur les versions les plus \u00e0 jour. Un attaquant peut donc, depuis un \u00e9quipement FortiGate compromis, se lat\u00e9raliser vers un \u00e9quipement FortiManager puis vers d\u0027autres \u00e9quipements FortiGate m\u00eame si ces derniers ne sont pas expos\u00e9s sur Internet et qu\u0027ils b\u00e9n\u00e9ficient des derniers correctifs de s\u00e9curit\u00e9.\n\u003c/span\u003e\n\n**[Publication initiale]**\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiManager. 
Elle permet \u00e0 un attaquant non authentifi\u00e9 de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2024-47575 est activement exploit\u00e9e. L\u0027\u00e9diteur pr\u00e9cise qu\u0027en exploitant cette vuln\u00e9rabilit\u00e9, un attaquant est en mesure d\u0027exfiltrer des donn\u00e9es contenant des adresses IP, des secrets et des configurations des \u00e9quipements g\u00e9r\u00e9s par le FortiManager. ",
"title": "[M\u00e0J] Multiples vuln\u00e9rabilit\u00e9s dans Fortinet FortiManager",
"vendor_advisories": [
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-463",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-463"
},
{
"published_at": "2024-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-423",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-423"
}
]
}
CERTFR-2024-ALE-014
Vulnerability from certfr_alerte - Published: 2024-10-30 - Updated: 2025-03-31
[Mise à jour du 14 janvier 2025] Publication des correctifs
Le 14 janvier 2025, Fortinet a publié un avis de sécurité relatif à la vulnérabilité CVE-2024-50566 qui correspond à la vulnérabilité de type jour-zéro pour laquelle une preuve de concept a été publiée en novembre 2024. Des correctifs de sécurité sont désormais disponibles et doivent être appliqués.
[Mise à jour du 15 novembre 2024] Le CERT-FR a connaissance d'une vulnérabilité de type jour-zéro non couverte par le correctif FG-IR-24-423.
Le 14 novembre 2024, le CERT-FR a pris connaissance d'une preuve de concept publique permettant l'exploitation d'une vulnérabilité de type jour-zéro affectant l'ensemble des équipements FortiManager et FortiAnalyzer avec la fonctionnalité FortiManager.
Cette vulnérabilité permet à un attaquant contrôlant un équipement FortiGate enregistré de prendre le contrôle de l'équipement FortiManager associé, même sur les versions les plus à jour. Un attaquant peut donc, depuis un équipement FortiGate compromis, se latéraliser vers un équipement FortiManager puis vers d'autres équipements FortiGate même si ces derniers ne sont pas exposés sur Internet et qu'ils bénéficient des derniers correctifs de sécurité.
[Publication initiale]
Une vulnérabilité a été découverte dans Fortinet FortiManager. Elle permet à un attaquant non authentifié de provoquer une exécution de code arbitraire à distance.
Fortinet indique que la vulnérabilité CVE-2024-47575 est activement exploitée. L'éditeur précise qu'en exploitant cette vulnérabilité, un attaquant est en mesure d'exfiltrer des données contenant des adresses IP, des secrets et des configurations des équipements gérés par le FortiManager.
Mesures de contournement
L'éditeur propose plusieurs mesures de contournement si la mise à jour est impossible dans l'immédiat. Celles-ci varient en fonction de la version de l'équipement et peuvent entraîner des effets de bord voire être contournées dans certaines situations.
Solutions
[Mise à jour du 14 janvier 2025] Publication des correctifs
Le 14 janvier 2025, Fortinet a publié un avis de sécurité relatif à la vulnérabilité CVE-2024-50566. Les mises à jour de sécurité sont disponibles et doivent être appliquées. Veuillez vous référer à l'avis éditeur (FG-IR-24-463) pour la liste des versions correctives.
[Mise à jour du 24 octobre 2024] Précisions relatives aux recommandations du CERT-FR.
Le CERT-FR n'exclut pas la possibilité d'exploitations réalisées dans les mois précédant la publication de l'avis de l'éditeur. Il est donc nécessaire de chercher les indicateurs de compromission mis à disposition par l'éditeur sur une période de temps correspondante. Le CERT-FR recommande également de faire une recherche en utilisant les indicateurs détaillés dans le billet de blogue de Mandiant [4]. Note : ces indicateurs n'ont pas été qualifiés par le CERT-FR.
Des risques d'exploitation depuis l'intérieur du système d'information via un équipement préalablement compromis, ou un relais applicatif, sont possibles. Le CERT-FR recommande donc d'effectuer une recherche de compromission sur les équipements non-exposés sur Internet.
En cas de compromission ou de suspicion de compromission : * signaler l’événement auprès du CERT-FR en mettant en copie vos éventuels CSIRTs métier ; * rechercher toutes traces de latéralisation sur le reste du système d’information, notamment : * en cherchant les connexions ou tentatives de connexion vers Internet depuis l'équipement compromis ; * puis en cherchant ces adresses IP de destination pour vérifier si d’autres machines ont tenté une connexion ; * en identifiant l'ensemble des équipements Fortinet gérés par le FortiManager puis en examinant leurs journaux.
[Publication initiale] Des versions correctives sont disponibles pour la majorité des versions impactées. Le CERT-FR recommande l'application des mises à jour de sécurité dans les plus brefs délais. Pour les versions 6.4.x, 7.0 et 7.2 de FortiManager Cloud, l'éditeur indique de mettre à jour vers la version 7.4.5 ou ultérieure.
Fortinet met à disposition différents indicateurs de compromission dans son avis de sécurité.
En cas de suspicion de compromission, il est recommandé de consulter les bons réflexes en cas d'intrusion sur votre système d'information [1], ainsi que les fiches réflexe sur la compromission système [2] [3].
L'éditeur propose, dans son bulletin, des méthodes de remédiation. Néanmoins, le CERT-FR recommande tout d'abord d'isoler les équipements compromis du réseau et de réaliser un gel de données (instantané pour les machines virtuelles, isolement de l’équipement s’il s’agit d’une machine physique) à des fins d’investigations approfondies.
[Mise à jour du 14 janvier 2025] Publication des correctifs
L'éditeur a publié des correctifs pour la vulnérabilité de type jour-zéro désormais identifiée en tant que CVE-2024-50566. La liste des systèmes affectés a été mise à jour.
[Mise à jour du 15 novembre 2024] Le CERT-FR a connaissance d'une vulnérabilité de type jour-zéro
Le CERT-FR a connaissance d'une vulnérabilité de type jour-zéro affectant l'ensemble des équipements FortiManager et FortiAnalyzer avec la fonctionnalité FortiManager.
[Mise à jour du 24 octobre 2024] Mise à jour des systèmes affectés
L'éditeur a indiqué avoir publié de nouvelles versions correctives pour FortiManager Cloud. Fortinet précise que certains équipements FortiAnalyzer sont également affectés. L'identification de ces équipements est précisée dans le bulletin éditeur.
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.9 | ||
| Fortinet | FortiAnalyzer | FortiAnalyzer modèles 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, 3900E avec la fonctionnalité FortiManager | ||
| Fortinet | FortiManager | FortiManager versions 6.4.x antérieures à 6.4.15 | ||
| Fortinet | FortiManager | FortiManager versions 7.0.x antérieures à 7.0.13 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiManager | FortiManager versions 6.2.x antérieures à 6.2.13 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 6.4.x à 7.0.x antérieures à 7.0.13 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiAnalyzer mod\u00e8les 1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G, 3900E avec la fonctionnalit\u00e9 FortiManager",
"product": {
"name": "FortiAnalyzer",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.4.x ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 6.2.x ant\u00e9rieures \u00e0 6.2.13",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 6.4.x \u00e0 7.0.x ant\u00e9rieures \u00e0 7.0.13",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 14 janvier 2025]\u003c/span\u003e** \u003cspan class=\"important-content\"\u003e**Publication des correctifs**\u003c/span\u003e\n\nL\u0027\u00e9diteur a publi\u00e9 des correctifs pour la vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro d\u00e9sormais identifi\u00e9e en tant que CVE-2024-50566. La liste des syst\u00e8mes affect\u00e9s a \u00e9t\u00e9 mise \u00e0 jour.\n\n**[Mise \u00e0 jour du 15 novembre 2024]** Le CERT-FR a connaissance d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro\n\nLe CERT-FR a connaissance d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro affectant l\u0027ensemble des \u00e9quipements FortiManager et FortiAnalyzer avec la fonctionnalit\u00e9 FortiManager.\n\n**[Mise \u00e0 jour du 24 octobre 2024]Mise \u00e0 jour des syst\u00e8mes affect\u00e9s**\n\nL\u0027\u00e9diteur a indiqu\u00e9 avoir publi\u00e9 de nouvelles versions correctives pour FortiManager Cloud. Fortinet pr\u00e9cise que certains \u00e9quipements FortiAnalyser sont \u00e9galement affect\u00e9s. L\u0027identification de ces \u00e9quipements est pr\u00e9cis\u00e9e dans le bulletin \u00e9diteur. ",
"closed_at": "2025-03-31",
"content": "##\u00a0Mesures de contournement\n\nL\u0027\u00e9diteur propose plusieurs mesures de contournement si la mise \u00e0 jour est impossible dans l\u0027imm\u00e9diat. Celles-ci varient en fonction de la version de l\u0027\u00e9quipement et peuvent entra\u00eener des effets de bord voire \u00eatre contourn\u00e9es dans certaines situations.\n\n## Solutions\n\n**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 14 janvier 2025]\u003c/span\u003e** \u003cspan class=\"important-content\"\u003e**Publication des correctifs**\u003c/span\u003e\n\nLe 14 janvier 2025, Fortinet a publi\u00e9 un avis de s\u00e9curit\u00e9 relatif \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2024-50566. Les mises \u00e0 jour de s\u00e9curit\u00e9 sont disponibles et doivent \u00eatre appliqu\u00e9es. Veuillez-vous r\u00e9f\u00e9rer \u00e0 l\u0027avis \u00e9diteur (FG-IR-24-463) pour la liste des versions correctives.\n\n**[Mise \u00e0 jour du 24 octobre 2024] Pr\u00e9cisions relatives aux recommandations du CERT-FR.**\n\nLe CERT-FR n\u0027exclut pas la possibilit\u00e9 d\u0027exploitations r\u00e9alis\u00e9es dans les mois pr\u00e9c\u00e9dant la publication de l\u0027avis de l\u0027\u00e9diteur. Il est donc n\u00e9cessaire de chercher les indicateurs de compromissions mis \u00e0 disposition par l\u0027\u00e9diteur sur une p\u00e9riode de temps correspondante. Le CERT-FR recommande \u00e9galement de faire une recherche en utilisant les indicateurs d\u00e9taill\u00e9s dans le billet de blogue de Mandiant [4]. *Note : Ces indicateurs n\u0027ont pas \u00e9t\u00e9 qualifi\u00e9s par le CERT-FR.*\n\nDes risques d\u0027exploitation depuis l\u0027int\u00e9rieur du syst\u00e8me d\u0027information via un \u00e9quipement pr\u00e9alablement compromis, ou un relais applicatif, sont possibles. 
Le CERT-FR recommande donc d\u0027effectuer une recherche de compromission sur les \u00e9quipements non-expos\u00e9s sur Internet.\n\n\nEn cas de compromission ou de suspicion de compromission: \n* signaler l\u2019\u00e9v\u00e9nement aupr\u00e8s du CERT-FR en mettant en copie vos \u00e9ventuels CSIRTs m\u00e9tier ;\n* rechercher toutes traces de lat\u00e9ralisation sur le reste du syst\u00e8me d\u2019information, notamment :\n * en cherchant les connexions ou tentatives de connexion vers Internet depuis l\u0027\u00e9quipement compromis ;\n * puis en cherchant ces adresses IP de destination pour v\u00e9rifier si d\u2019autres machines ont tent\u00e9 une connexion ; \n * en identifiant l\u0027ensemble des \u00e9quipement Fortinet g\u00e9r\u00e9s par le FortiManager puis en examinant leurs journaux.\n\n**[Publication initiale]**\nDes versions correctives sont disponibles pour la majorit\u00e9 des versions impact\u00e9es. Le CERT-FR recommande l\u0027application des mises \u00e0 jour de s\u00e9curit\u00e9 dans les plus brefs d\u00e9lais.\nPour les versions 6.4.x, 7.0 et 7.2 de FortiManager Cloud, l\u0027\u00e9diteur indique de mettre \u00e0 jour vers la version 7.4.5 ou ult\u00e9rieure. \n\nFortinet met \u00e0 disposition diff\u00e9rents indicateurs de compromission dans son avis de s\u00e9curit\u00e9.\n\nEn cas de suspicion de compromission, il est recommand\u00e9 de consulter les [bons r\u00e9flexes en cas d\u0027intrusion sur votre syst\u00e8me d\u0027information](https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/) [1], ainsi que les fiches r\u00e9flexe sur la compromission syst\u00e8me [2] [3].\n\nL\u0027\u00e9diteur propose, dans son bulletin, des m\u00e9thodes de rem\u00e9diation. 
N\u00e9anmoins, le CERT-FR recommande tout d\u0027abord d\u0027isoler les \u00e9quipements compromis du r\u00e9seau et de r\u00e9aliser un gel de donn\u00e9es (instantan\u00e9 pour les machines virtuelles, isolement de l\u2019\u00e9quipement s\u2019il s\u2019agit d\u2019une machine physique) \u00e0 des fins d\u2019investigations approfondies. ",
"cves": [
{
"name": "CVE-2024-50566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50566"
},
{
"name": "CVE-2024-47575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47575"
}
],
"initial_release_date": "2024-10-30T00:00:00",
"last_revision_date": "2025-03-31T00:00:00",
"links": [
{
"title": "Avis CERTFR-2025-AVI-0030 du 14 janvier 2025",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0030/"
},
{
"title": "[4] Billet de blogue de Mandiant du 24 octobre 2024",
"url": "https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575?hl=en"
},
{
"title": "[3] Fiche r\u00e9flexe Compromission syst\u00e8me - Endiguement",
"url": "https://www.cert.ssi.gouv.fr/fiche/CERTFR-2024-RFX-006/"
},
{
"title": "[1] Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information",
"url": "https://www.cert.ssi.gouv.fr/les-bons-reflexes-en-cas-dintrusion-sur-un-systeme-dinformation/"
},
{
"title": "[2]\u00a0Fiche r\u00e9flexe Compromission syst\u00e8me - Qualification",
"url": "https://www.cert.ssi.gouv.fr/fiche/CERTFR-2024-RFX-005/"
},
{
"title": "Avis CERTFR-2024-AVI-0917 du 23 octobre 2024",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0917"
}
],
"reference": "CERTFR-2024-ALE-014",
"revisions": [
{
"description": "Mise \u00e0 jour concernant la disponibilit\u00e9 de correctifs",
"revision_date": "2024-10-30T00:00:00.000000"
},
{
"description": "Reformulation",
"revision_date": "2024-11-21T00:00:00.000000"
},
{
"description": "Publication des correctifs de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-50566",
"revision_date": "2025-01-14T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour des syst\u00e8mes affect\u00e9s et des recommandations du CERT-FR",
"revision_date": "2024-10-24T00:00:00.000000"
},
{
"description": "Le CERT-FR a connaissance d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro permettant de contourner partiellement le correctif FG-IR-24-423.",
"revision_date": "2024-11-15T00:00:00.000000"
},
{
"description": " Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
"revision_date": "2025-03-31T00:00:00.000000"
},
{
"description": "Version initiale",
"revision_date": "2024-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "**\u003cspan class=\"important-content\"\u003e[Mise \u00e0 jour du 14 janvier 2025]\u003c/span\u003e** \u003cspan class=\"important-content\"\u003e**Publication des correctifs**\u003c/span\u003e\n\nLe 14 janvier 2025, Fortinet a publi\u00e9 un avis de s\u00e9curit\u00e9 relatif \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2024-50566 qui correspond \u00e0 la vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro pour laquelle une preuve de concept a \u00e9t\u00e9 publi\u00e9e en novembre 2024. Des correctifs de s\u00e9curit\u00e9 sont d\u00e9sormais disponibles et doivent \u00eatre appliqu\u00e9s.\n\n**[Mise \u00e0 jour du 15 novembre 2024]** Le CERT-FR a connaissance d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro non couverte par le correctif FG-IR-24-423.\n\nLe 14 novembre 2024, le CERT-FR a pris connaissance d\u0027une preuve de concept publique permettant l\u0027exploitation d\u0027une vuln\u00e9rabilit\u00e9 de type jour-z\u00e9ro affectant l\u0027ensemble des \u00e9quipements FortiManager et FortiAnalyzer avec la fonctionnalit\u00e9 FortiManager.\n\u003c/span\u003e\n\u003c/br\u003e\u003c/br\u003e\nCette vuln\u00e9rabilit\u00e9 permet \u00e0 un attaquant contr\u00f4lant un \u00e9quipement FortiGate enregistr\u00e9 de prendre le contr\u00f4le de l\u0027\u00e9quipement FortiManager associ\u00e9, m\u00eame sur les versions les plus \u00e0 jour. Un attaquant peut donc, depuis un \u00e9quipement FortiGate compromis, se lat\u00e9raliser vers un \u00e9quipement FortiManager puis vers d\u0027autres \u00e9quipements FortiGate m\u00eame si ces derniers ne sont pas expos\u00e9s sur Internet et qu\u0027ils b\u00e9n\u00e9ficient des derniers correctifs de s\u00e9curit\u00e9.\n\u003c/span\u003e\n\n**[Publication initiale]**\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Fortinet FortiManager. 
Elle permet \u00e0 un attaquant non authentifi\u00e9 de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2024-47575 est activement exploit\u00e9e. L\u0027\u00e9diteur pr\u00e9cise qu\u0027en exploitant cette vuln\u00e9rabilit\u00e9, un attaquant est en mesure d\u0027exfiltrer des donn\u00e9es contenant des adresses IP, des secrets et des configurations des \u00e9quipements g\u00e9r\u00e9s par le FortiManager. ",
"title": "[M\u00e0J] Multiples vuln\u00e9rabilit\u00e9s dans Fortinet FortiManager",
"vendor_advisories": [
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-463",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-463"
},
{
"published_at": "2024-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-423",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-423"
}
]
}
CERTFR-2025-AVI-0030
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Fortinet indique que la vulnérabilité CVE-2024-55591 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.17 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.20 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.13 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.9 | ||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.17",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions7.2.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-50566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50566"
},
{
"name": "CVE-2025-24472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24472"
},
{
"name": "CVE-2024-55591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55591"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0030",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-14T00:00:00.000000"
},
{
"description": "Ajout de la vuln\u00e9rabilit\u00e9 CVE-2025-24472",
"revision_date": "2025-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2024-55591 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-535",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-535"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-463",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-463"
}
]
}
CERTFR-2025-AVI-0030
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Fortinet indique que la vulnérabilité CVE-2024-55591 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Fortinet | FortiManager | FortiManager versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiOS | FortiOS versions 7.0.x antérieures à 7.0.17 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.4.x antérieures à 7.4.5 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.0.x antérieures à 7.0.20 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.6.x antérieures à 7.6.2 | ||
| Fortinet | FortiProxy | FortiProxy versions 7.2.x antérieures à 7.2.13 | ||
| Fortinet | FortiManager | FortiManager Cloud versions 7.2.x antérieures à 7.2.8 | ||
| Fortinet | FortiManager | FortiManager versions 7.4.x antérieures à 7.4.6 | ||
| Fortinet | FortiManager | FortiManager versions 7.2.x antérieures à 7.2.9 | ||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "FortiManager versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiOS versions 7.0.x ant\u00e9rieures \u00e0 7.0.17",
"product": {
"name": "FortiOS",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.4.x ant\u00e9rieures \u00e0 7.4.5",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.0.x ant\u00e9rieures \u00e0 7.0.20",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.6.x ant\u00e9rieures \u00e0 7.6.2",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiProxy versions 7.2.x ant\u00e9rieures \u00e0 7.2.13",
"product": {
"name": "FortiProxy",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager Cloud versions 7.2.x ant\u00e9rieures \u00e0 7.2.8",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions 7.4.x ant\u00e9rieures \u00e0 7.4.6",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
},
{
"description": "FortiManager versions7.2.x ant\u00e9rieures \u00e0 7.2.9",
"product": {
"name": "FortiManager",
"vendor": {
"name": "Fortinet",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-50566",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50566"
},
{
"name": "CVE-2025-24472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24472"
},
{
"name": "CVE-2024-55591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55591"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0030",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-14T00:00:00.000000"
},
{
"description": "Ajout de la vuln\u00e9rabilit\u00e9 CVE-2025-24472",
"revision_date": "2025-02-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n\nFortinet indique que la vuln\u00e9rabilit\u00e9 CVE-2024-55591 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
"vendor_advisories": [
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-535",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-535"
},
{
"published_at": "2025-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-463",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-463"
}
]
}
NCSC-2025-0018
Vulnerability from csaf_ncscnl - Published: 2025-01-15 13:25 - Updated: 2025-01-15 13:25
Notes
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Fortinet heeft kwetsbaarheden verholpen in FortiSwitch, FortiManager, FortiAnalyzer, FortiOS en FortiProxy.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten onder andere hard-coded cryptografische sleutels, onjuiste verwerking van OS-commando\u0027s, en out-of-bounds schrijf- en leesfouten. Aanvallers kunnen deze kwetsbaarheden misbruiken om ongeautoriseerde toegang te verkrijgen, willekeurige code uit te voeren en Denial-of-Service-aanvallen te veroorzaken. ",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Fortinet heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Operation on a Resource after Expiration or Release",
"title": "CWE-672"
},
{
"category": "general",
"text": "Weak Authentication",
"title": "CWE-1390"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Incorrect Privilege Assignment",
"title": "CWE-266"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Use of Hard-coded Cryptographic Key",
"title": "CWE-321"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
},
{
"category": "general",
"text": "Origin Validation Error",
"title": "CWE-346"
},
{
"category": "general",
"text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"title": "CWE-113"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"title": "CWE-89"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-239"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-143"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-097"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-152"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-222"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-326"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-282"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-405"
},
{
"category": "external",
"summary": "Reference - certbundde",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-260"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-407"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-267"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-135"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-219"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-127"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-293"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-463"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-061"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-373"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-259"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-106"
},
{
"category": "external",
"summary": "Reference - certbundde",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-258"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-091"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-473"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-165"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-250"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-24-221"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://www.fortiguard.com/psirt/FG-IR-23-494"
}
],
"title": "Kwetsbaarheden verholpen in Fortinet FortiSwitch, FortiManager, FortiAnalyzer, FortiOS en FortiProxy",
"tracking": {
"current_release_date": "2025-01-15T13:25:32.904961Z",
"id": "NCSC-2025-0018",
"initial_release_date": "2025-01-15T13:25:32.904961Z",
"revision_history": [
{
"date": "2025-01-15T13:25:32.904961Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "fortiswitch",
"product": {
"name": "fortiswitch",
"product_id": "CSAFPID-113747",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiswitch:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortianalyzer",
"product": {
"name": "fortianalyzer",
"product_id": "CSAFPID-113748",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortiproxy",
"product": {
"name": "fortiproxy",
"product_id": "CSAFPID-265532",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortios",
"product": {
"name": "fortios",
"product_id": "CSAFPID-113752",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortios:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "fortimanager",
"product": {
"name": "fortimanager",
"product_id": "CSAFPID-233785",
"product_identification_helper": {
"cpe": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "fortinet"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23439",
"references": [
{
"category": "self",
"summary": "CVE-2022-23439",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-23439.json"
}
],
"title": "CVE-2022-23439"
},
{
"cve": "CVE-2023-37936",
"cwe": {
"id": "CWE-321",
"name": "Use of Hard-coded Cryptographic Key"
},
"notes": [
{
"category": "other",
"text": "Use of Hard-coded Cryptographic Key",
"title": "CWE-321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-113747"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-37936",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37936.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-113747"
]
}
],
"title": "CVE-2023-37936"
},
{
"cve": "CVE-2023-37937",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
}
],
"product_status": {
"known_affected": [
"CSAFPID-113747"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-37937",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37937.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-113747"
]
}
],
"title": "CVE-2023-37937"
},
{
"cve": "CVE-2023-42785",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-42785",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42785.json"
}
],
"title": "CVE-2023-42785"
},
{
"cve": "CVE-2023-42791",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"notes": [
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-42791",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42791.json"
}
],
"title": "CVE-2023-42791"
},
{
"cve": "CVE-2023-46715",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"notes": [
{
"category": "other",
"text": "Origin Validation Error",
"title": "CWE-346"
}
],
"product_status": {
"known_affected": [
"CSAFPID-265532",
"CSAFPID-113752"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46715",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46715.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:P/RL:X/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-265532",
"CSAFPID-113752"
]
}
],
"title": "CVE-2023-46715"
},
{
"cve": "CVE-2024-21762",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-113752",
"CSAFPID-265532"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21762",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21762.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-113752",
"CSAFPID-265532"
]
}
],
"title": "CVE-2024-21762"
},
{
"cve": "CVE-2024-26012",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-26012",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26012.json"
}
],
"title": "CVE-2024-26012"
},
{
"cve": "CVE-2024-27778",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-27778",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27778.json"
}
],
"title": "CVE-2024-27778"
},
{
"cve": "CVE-2024-32115",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
}
],
"product_status": {
"known_affected": [
"CSAFPID-233785"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32115",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-233785"
]
}
],
"title": "CVE-2024-32115"
},
{
"cve": "CVE-2024-33502",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-113748",
"CSAFPID-233785"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33502",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33502.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-113748",
"CSAFPID-233785"
]
}
],
"title": "CVE-2024-33502"
},
{
"cve": "CVE-2024-33503",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"notes": [
{
"category": "other",
"text": "Incorrect Privilege Assignment",
"title": "CWE-266"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33503",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33503.json"
}
],
"title": "CVE-2024-33503"
},
{
"cve": "CVE-2024-35273",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-35273",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35273.json"
}
],
"title": "CVE-2024-35273"
},
{
"cve": "CVE-2024-35275",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"title": "CWE-89"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-35275",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35275.json"
}
],
"title": "CVE-2024-35275"
},
{
"cve": "CVE-2024-35276",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-35276",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35276.json"
}
],
"title": "CVE-2024-35276"
},
{
"cve": "CVE-2024-35277",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "other",
"text": "Missing Authentication for Critical Function",
"title": "CWE-306"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-35277",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35277.json"
}
],
"title": "CVE-2024-35277"
},
{
"cve": "CVE-2024-36504",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-36504",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36504.json"
}
],
"title": "CVE-2024-36504"
},
{
"cve": "CVE-2024-36512",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-113748",
"CSAFPID-233785"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36512",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36512.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-113748",
"CSAFPID-233785"
]
}
],
"title": "CVE-2024-36512"
},
{
"cve": "CVE-2024-46662",
"product_status": {
"known_affected": [
"CSAFPID-233785"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-46662",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46662.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-233785"
]
}
],
"title": "CVE-2024-46662"
},
{
"cve": "CVE-2024-46665",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
}
],
"product_status": {
"known_affected": [
"CSAFPID-113752"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-46665",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46665.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-113752"
]
}
],
"title": "CVE-2024-46665"
},
{
"cve": "CVE-2024-46666",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-46666",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46666.json"
}
],
"title": "CVE-2024-46666"
},
{
"cve": "CVE-2024-46668",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-46668",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46668.json"
}
],
"title": "CVE-2024-46668"
},
{
"cve": "CVE-2024-46669",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-46669",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46669.json"
}
],
"title": "CVE-2024-46669"
},
{
"cve": "CVE-2024-46670",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
}
],
"product_status": {
"known_affected": [
"CSAFPID-265532"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-46670",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-46670.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X",
"version": "3.1"
},
"products": [
"CSAFPID-265532"
]
}
],
"title": "CVE-2024-46670"
},
{
"cve": "CVE-2024-47571",
"cwe": {
"id": "CWE-672",
"name": "Operation on a Resource after Expiration or Release"
},
"notes": [
{
"category": "other",
"text": "Operation on a Resource after Expiration or Release",
"title": "CWE-672"
}
],
"product_status": {
"known_affected": [
"CSAFPID-233785"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47571",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-233785"
]
}
],
"title": "CVE-2024-47571"
},
{
"cve": "CVE-2024-48884",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-265532"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-48884",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-48884.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-265532"
]
}
],
"title": "CVE-2024-48884"
},
{
"cve": "CVE-2024-48886",
"cwe": {
"id": "CWE-1390",
"name": "Weak Authentication"
},
"notes": [
{
"category": "other",
"text": "Weak Authentication",
"title": "CWE-1390"
}
],
"product_status": {
"known_affected": [
"CSAFPID-265532"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-48886",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-48886.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:R",
"version": "3.1"
},
"products": [
"CSAFPID-265532"
]
}
],
"title": "CVE-2024-48886"
},
{
"cve": "CVE-2024-50566",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-50566",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50566.json"
}
],
"title": "CVE-2024-50566"
},
{
"cve": "CVE-2024-52963",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-265532"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52963",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52963.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:W/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-265532"
]
}
],
"title": "CVE-2024-52963"
},
{
"cve": "CVE-2024-54021",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
"title": "CWE-113"
}
],
"product_status": {
"known_affected": [
"CSAFPID-265532",
"CSAFPID-113752"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-54021",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54021.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:F/RL:X/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-265532",
"CSAFPID-113752"
]
}
],
"title": "CVE-2024-54021"
}
]
}
GHSA-MPHF-CC86-CHGH
Vulnerability from github – Published: 2025-01-14 15:30 – Updated: 2025-01-14 15:30 — An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.5, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via crafted FGFM requests. (The upstream description lists the 7.4 range as "7.4.5 through 7.4.0"; the bounds are given in ascending order here. The attack surface named is the FGFM management protocol, so the "authenticated" precondition presumably relates to that channel rather than to an administrator web session — confirm the exact precondition in FG-IR-24-463 before triaging.)
{
"affected": [],
"aliases": [
"CVE-2024-50566"
],
"database_specific": {
"cwe_ids": [
"CWE-78"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T14:15:33Z",
"severity": "HIGH"
},
"details": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.",
"id": "GHSA-mphf-cc86-chgh",
"modified": "2025-01-14T15:30:54Z",
"published": "2025-01-14T15:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50566"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-463"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2024-50566
Vulnerability from fkie_nvd - Published: 2025-01-14 14:15 - Updated: 2025-02-03 22:09 — 8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Note: this is the NVD primary score (nvd@nist.gov). The vendor (psirt@fortinet.com) scored the same issue 7.2 (High) with CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, and the GitHub advisory above carries the vendor vector; the two differ only in the privilege level assumed for the attacker (PR:L vs PR:H), so prioritisation depends on which precondition matches your deployment.
| Source | URL | Tags |
|---|---|---|
| psirt@fortinet.com | https://fortiguard.fortinet.com/psirt/FG-IR-24-463 | Vendor Advisory |
| Vendor | Product | Affected versions (from the NVD cpeMatch ranges below) |
|---|---|---|
| fortinet | fortimanager | 7.2.1 ≤ v < 7.2.9 |
| fortinet | fortimanager | 7.4.0 ≤ v < 7.4.6 |
| fortinet | fortimanager | 7.6.0 ≤ v < 7.6.2 |
| fortinet | fortimanager_cloud | 7.2.2 ≤ v < 7.2.8 |
| fortinet | fortimanager_cloud | 7.4.0 ≤ v < 7.4.5 |
| fortinet | fortimanager_cloud | 7.6.0 ≤ v < 7.6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA16B3B-9767-4B61-BA35-2DDF70D66D09",
"versionEndExcluding": "7.2.9",
"versionStartIncluding": "7.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24796E3A-DDCB-4949-9080-5DCEEECF0B6C",
"versionEndExcluding": "7.4.6",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "241A8930-4ADA-4380-AA42-F10B28487595",
"versionEndExcluding": "7.6.2",
"versionStartIncluding": "7.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57B085BA-AF25-4EE9-8EC6-BD588F3C90CF",
"versionEndExcluding": "7.2.8",
"versionStartIncluding": "7.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBDCAD3-019A-4F46-AB5D-448E525E4E94",
"versionEndExcluding": "7.4.5",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4D647A-5EA1-4047-9E59-987FC8A74F0B",
"versionEndExcluding": "7.6.2",
"versionStartIncluding": "7.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo (\u0027inyecci\u00f3n de comando del sistema operativo\u0027) en Fortinet FortiManager versiones 7.6.0 a 7.6.1, versiones 7.4.5 a 7.4.0 y versiones 7.2.1 a 7.2.8, FortiManager Cloud versiones 7.6.0 a 7.6.1, versiones 7.4.0 a 7.4.4 y versiones 7.2.2 a 7.2.7 puede permitir que un atacante remoto autenticado ejecute c\u00f3digo no autorizado a trav\u00e9s de solicitudes FGFM manipuladas."
}
],
"id": "CVE-2024-50566",
"lastModified": "2025-02-03T22:09:31.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "psirt@fortinet.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-14T14:15:33.650",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-463"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@fortinet.com",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|

No sightings have been recorded for this vulnerability.
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.