cvelist/2024/47xxx/CVE-2024-47571.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-47571",
        "ASSIGNER": "psirt@fortinet.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Improper access control",
                        "cweId": "CWE-672"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Fortinet",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "FortiManager",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "7.4.0"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "7.2.3"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "7.0.7",
                                            "version_value": "7.0.8"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "6.4.12"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-239",
                "refsource": "MISC",
                "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-239"
            }
        ]
    },
    "solution": [
        {
            "lang": "en",
            "value": "Please upgrade to FortiManager version 7.4.1 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiManager version 7.0.9 or above \nPlease upgrade to FortiManager version 6.4.13 or above"
        }
    ],
    "impact": {
        "cvss": [
            {
                "version": "3.1",
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C"
            }
        ]
    }
}
"-Synchronized-Data." 2024-09-27 17:00:34 +00:00			`{`
"-Synchronized-Data." 2025-01-14 15:01:02 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2024-09-27 17:00:34 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2024-47571",`
"-Synchronized-Data." 2025-01-14 15:01:02 +00:00			`"ASSIGNER": "psirt@fortinet.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2024-09-27 17:00:34 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2025-01-14 15:01:02 +00:00			`"value": "An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Improper access control",`
			`"cweId": "CWE-672"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Fortinet",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "FortiManager",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "=",`
			`"version_value": "7.4.0"`
			`},`
			`{`
			`"version_affected": "=",`
			`"version_value": "7.2.3"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_name": "7.0.7",`
			`"version_value": "7.0.8"`
			`},`
			`{`
			`"version_affected": "=",`
			`"version_value": "6.4.12"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-239",`
			`"refsource": "MISC",`
			`"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-239"`
			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "en",`
			`"value": "Please upgrade to FortiManager version 7.4.1 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiManager version 7.0.9 or above \nPlease upgrade to FortiManager version 6.4.13 or above"`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"version": "3.1",`
			`"attackComplexity": "HIGH",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.9,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C"`
"-Synchronized-Data." 2024-09-27 17:00:34 +00:00			`}`
			`]`
			`}`
			`}`