CVE-2024-26011

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-26011
A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://fortiguard.fortinet.com/psirt/FG-IR-24-032 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*
History

12 Dec 2024, 19:33

Type Values Removed Values Added
CPE cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*
cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
First Time Fortinet
Fortinet fortimanager
Fortinet fortiswitchmanager
Fortinet fortios
Fortinet fortiportal
Fortinet fortipam
Fortinet fortiproxy
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-032 - () https://fortiguard.fortinet.com/psirt/FG-IR-24-032 - Vendor Advisory

13 Nov 2024, 17:01

Type Values Removed Values Added
Summary
  • (es) Autenticación faltante para función crítica en Fortinet FortiManager versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.4, 7.0.0 a 7.0.11, 6.4.0 a 6.4.14, FortiPAM versión 1.2.0, 1.1.0 a 1.1.2, 1.0.0 a 1.0.3, FortiProxy versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.9, 7.0.0 a 7.0.17, 2.0.0 a 2.0.14, 1.2.0 a 1.2.13, 1.1.0 a 1.1.6, 1.0.0 a 1.0.7, FortiSwitchManager versión 7.2.0 a 7.2.3, 7.0.0 a 7.0.3, FortiPortal versión 6.0.0 a 6.0.14, FortiOS versión 7.4.0 a 7.4.3, 7.2.0 a 7.2.7, 7.0.0 a 7.0.14, 6.4.0 a 6.4.15, 6.2.0 a 6.2.16, 6.0.0 a 6.0.18 permite a un atacante ejecutar código o comandos no autorizados a través de paquetes especialmente manipulados.

12 Nov 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-12 19:15

Updated : 2024-12-12 19:33

NVD link : CVE-2024-26011

Mitre link : CVE-2024-26011

CVE.ORG link : CVE-2024-26011

JSON object : View

Products Affected

fortinet

  • fortipam
  • fortiportal
  • fortiswitchmanager
  • fortimanager
  • fortios
  • fortiproxy
CWE
CWE-306

Missing Authentication for Critical Function