mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
113 lines
5.0 KiB
JSON
113 lines
5.0 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-47575",
|
|
"ASSIGNER": "psirt@fortinet.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Execute unauthorized code or commands",
|
|
"cweId": "CWE-306"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Fortinet",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "FortiManager",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.6.0"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "7.4.0",
|
|
"version_value": "7.4.4"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "7.2.0",
|
|
"version_value": "7.2.7"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "7.0.0",
|
|
"version_value": "7.0.12"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "6.4.0",
|
|
"version_value": "6.4.14"
|
|
},
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "6.2.0",
|
|
"version_value": "6.2.12"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423",
|
|
"refsource": "MISC",
|
|
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Please upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.5 or above \nPlease upgrade to FortiManager Cloud version 7.2.8 or above \nPlease upgrade to FortiManager Cloud version 7.0.13 or above \nPlease upgrade to FortiManager version 7.6.1 or above \nPlease upgrade to FortiManager version 7.4.5 or above \nPlease upgrade to FortiManager version 7.2.8 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiManager version 6.2.13 or above"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C"
|
|
}
|
|
]
|
|
}
|
|
} |