csaf_certbund - wid-sec-w-2024-3432

wid-sec-w-2024-3432

Vulnerability from csaf_certbund

Published

2024-11-12 23:00

Modified

2024-11-12 23:00

Summary

mehrere Fortinet-Produkte: Schwachstelle ermöglicht Manipulation von Dateien

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

FortiManager Security Management Appliances ermöglicht die Verwaltung von Fortinet Network Security Geräten. FortiOS ist ein gehärtetes Betriebssystem für FortiGate Plattformen. FortiPortal ist eine cloudbasierte Verwaltungsplattform, die es ermöglicht mehrere Fortinet-Produkte zentral zu managen. FortiProxy ist eine Web-Proxy Lösung. FortiSwitch bezeichnet die Ethernet Switch Produktfamilie von Fortinet.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiManager, Fortinet FortiOS, Fortinet FortiPortal, Fortinet FortiProxy und Fortinet FortiSwitch ausnutzen, um Dateien zu manipulieren.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "mittel",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "FortiManager Security Management Appliances ermöglicht die Verwaltung von Fortinet Network Security Geräten.\r\nFortiOS ist ein gehärtetes Betriebssystem für FortiGate Plattformen.\r\nFortiPortal ist eine cloudbasierte Verwaltungsplattform, die es ermöglicht mehrere Fortinet-Produkte zentral zu managen.\r\nFortiProxy ist eine Web-Proxy Lösung.\r\n\r\nFortiSwitch bezeichnet die Ethernet Switch Produktfamilie von Fortinet.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Fortinet FortiManager, Fortinet FortiOS, Fortinet FortiPortal, Fortinet FortiProxy und Fortinet FortiSwitch ausnutzen, um Dateien zu manipulieren.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- Sonstiges",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2024-3432 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3432.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2024-3432 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3432",
         },
         {
            category: "external",
            summary: "FortiGuard PSIRT Advisory FG-IR-24-032 vom 2024-11-12",
            url: "https://www.fortiguard.com/psirt/FG-IR-24-032",
         },
      ],
      source_lang: "en-US",
      title: "mehrere Fortinet-Produkte: Schwachstelle ermöglicht Manipulation von Dateien",
      tracking: {
         current_release_date: "2024-11-12T23:00:00.000+00:00",
         generator: {
            date: "2024-11-13T11:47:43.260+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.8",
            },
         },
         id: "WID-SEC-W-2024-3432",
         initial_release_date: "2024-11-12T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2024-11-12T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<7.4.3",
                        product: {
                           name: "Fortinet FortiManager <7.4.3",
                           product_id: "T039023",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.4.3",
                        product: {
                           name: "Fortinet FortiManager 7.4.3",
                           product_id: "T039023-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.4.3",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.2.5",
                        product: {
                           name: "Fortinet FortiManager <7.2.5",
                           product_id: "T039024",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.2.5",
                        product: {
                           name: "Fortinet FortiManager 7.2.5",
                           product_id: "T039024-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.2.5",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.0.12",
                        product: {
                           name: "Fortinet FortiManager <7.0.12",
                           product_id: "T039025",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.0.12",
                        product: {
                           name: "Fortinet FortiManager 7.0.12",
                           product_id: "T039025-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:7.0.12",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<6.4.15",
                        product: {
                           name: "Fortinet FortiManager <6.4.15",
                           product_id: "T039026",
                        },
                     },
                     {
                        category: "product_version",
                        name: "6.4.15",
                        product: {
                           name: "Fortinet FortiManager 6.4.15",
                           product_id: "T039026-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortimanager:6.4.15",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "FortiManager",
               },
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<7.2.8",
                        product: {
                           name: "Fortinet FortiOS <7.2.8",
                           product_id: "1607630",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.2.8",
                        product: {
                           name: "Fortinet FortiOS 7.2.8",
                           product_id: "1607630-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/o:fortinet:fortios:7.2.8",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.0.15",
                        product: {
                           name: "Fortinet FortiOS <7.0.15",
                           product_id: "T035341",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.0.15",
                        product: {
                           name: "Fortinet FortiOS 7.0.15",
                           product_id: "T035341-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/o:fortinet:fortios:7.0.15",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.4.4",
                        product: {
                           name: "Fortinet FortiOS <7.4.4",
                           product_id: "T035955",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.4.4",
                        product: {
                           name: "Fortinet FortiOS 7.4.4",
                           product_id: "T035955-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/o:fortinet:fortios:7.4.4",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.6",
                        product: {
                           name: "Fortinet FortiOS <7.6",
                           product_id: "T039005",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.6",
                        product: {
                           name: "Fortinet FortiOS 7.6",
                           product_id: "T039005-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/o:fortinet:fortios:7.6",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "FortiOS",
               },
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<6.0.15",
                        product: {
                           name: "Fortinet FortiPortal <6.0.15",
                           product_id: "T039027",
                        },
                     },
                     {
                        category: "product_version",
                        name: "6.0.15",
                        product: {
                           name: "Fortinet FortiPortal 6.0.15",
                           product_id: "T039027-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortiportal:6.0.15",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "FortiPortal",
               },
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "<7.2.10",
                        product: {
                           name: "Fortinet FortiProxy <7.2.10",
                           product_id: "T035343",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.2.10",
                        product: {
                           name: "Fortinet FortiProxy 7.2.10",
                           product_id: "T035343-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortiproxy:7.2.10",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "<7.4.4",
                        product: {
                           name: "Fortinet FortiProxy <7.4.4",
                           product_id: "T035957",
                        },
                     },
                     {
                        category: "product_version",
                        name: "7.4.4",
                        product: {
                           name: "Fortinet FortiProxy 7.4.4",
                           product_id: "T035957-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/a:fortinet:fortiproxy:7.4.4",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "FortiProxy",
               },
               {
                  branches: [
                     {
                        category: "product_version_range",
                        name: "Manager <7.2.4",
                        product: {
                           name: "Fortinet FortiSwitch Manager <7.2.4",
                           product_id: "T039028",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Manager 7.2.4",
                        product: {
                           name: "Fortinet FortiSwitch Manager 7.2.4",
                           product_id: "T039028-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/h:fortinet:fortiswitch:manager__7.2.4",
                           },
                        },
                     },
                     {
                        category: "product_version_range",
                        name: "Manager <7.0.4",
                        product: {
                           name: "Fortinet FortiSwitch Manager <7.0.4",
                           product_id: "T039029",
                        },
                     },
                     {
                        category: "product_version",
                        name: "Manager 7.0.4",
                        product: {
                           name: "Fortinet FortiSwitch Manager 7.0.4",
                           product_id: "T039029-fixed",
                           product_identification_helper: {
                              cpe: "cpe:/h:fortinet:fortiswitch:manager__7.0.4",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "FortiSwitch",
               },
            ],
            category: "vendor",
            name: "Fortinet",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2024-26011",
         notes: [
            {
               category: "description",
               text: "Es besteht eine Schwachstelle in Fortinet FortiManager, Fortinet FortiOS, Fortinet FortiPortal, Fortinet FortiProxy und Fortinet FortiSwitch. Dieser Fehler exitiert durch unsachgemäße Authentifizierung im fgfmd-Daemon, die eine unautorisierte Paket-Injektion ermöglicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Pakete in Tunnel zu injizieren und dadurch potenziell die Integrität der Kommunikation zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T035955",
               "T035957",
               "T039029",
               "T035341",
               "T039028",
               "T039025",
               "T039024",
               "T039005",
               "T039027",
               "T035343",
               "T039026",
               "1607630",
               "T039023",
            ],
         },
         release_date: "2024-11-12T23:00:00.000+00:00",
         title: "CVE-2024-26011",
      },
   ],
}

cve-2024-26011

Vulnerability from cvelistv5

Published

2024-11-12 18:53

Modified

2024-11-13 18:44

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:U/RC:C

Summary

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets.

References

▼	URL	Tags
	https://fortiguard.fortinet.com/psirt/FG-IR-24-032

Impacted products

Vendor

Product

Version

▼

Fortinet

FortiManager

Version: 7.4.0   ≤ 7.4.2
Version: 7.2.0   ≤ 7.2.4
Version: 7.0.0   ≤ 7.0.11
Version: 6.4.0   ≤ 6.4.14
    cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*

Fortinet	FortiSwitchManager	Version: 7.2.0 ≤ 7.2.3 Version: 7.0.0 ≤ 7.0.3
Fortinet	FortiPAM	Version: 1.2.0 Version: 1.1.0 ≤ 1.1.2 Version: 1.0.0 ≤ 1.0.3 cpe:2.3:o:fortinet:fortipam:1.2.0:::::::* cpe:2.3:o:fortinet:fortipam:1.1.2:::::::* cpe:2.3:o:fortinet:fortipam:1.1.1:::::::* cpe:2.3:o:fortinet:fortipam:1.1.0:::::::* cpe:2.3:o:fortinet:fortipam:1.0.3:::::::* cpe:2.3:o:fortinet:fortipam:1.0.2:::::::* cpe:2.3:o:fortinet:fortipam:1.0.1:::::::* cpe:2.3:o:fortinet:fortipam:1.0.0:::::::*
Fortinet	FortiProxy	Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.9 Version: 7.0.0 ≤ 7.0.19 Version: 2.0.0 ≤ 2.0.14 Version: 1.2.0 ≤ 1.2.13 Version: 1.1.0 ≤ 1.1.6 Version: 1.0.0 ≤ 1.0.7
Fortinet	FortiPortal	Version: 6.0.0 ≤ 6.0.14 Version: 5.3.0 ≤ 5.3.8
Fortinet	FortiOS	Version: 7.4.0 ≤ 7.4.3 Version: 7.2.0 ≤ 7.2.7 Version: 7.0.0 ≤ 7.0.14 Version: 6.4.0 ≤ 6.4.15 Version: 6.2.0 ≤ 6.2.16 Version: 6.0.0 ≤ 6.0.18 cpe:2.3:o:fortinet:fortios:7.4.3:::::::* cpe:2.3:o:fortinet:fortios:7.4.2:::::::* cpe:2.3:o:fortinet:fortios:7.4.1:::::::* cpe:2.3:o:fortinet:fortios:7.4.0:::::::* cpe:2.3:o:fortinet:fortios:7.2.7:::::::* cpe:2.3:o:fortinet:fortios:7.2.6:::::::* cpe:2.3:o:fortinet:fortios:7.2.5:::::::* cpe:2.3:o:fortinet:fortios:7.2.4:::::::* cpe:2.3:o:fortinet:fortios:7.2.3:::::::* cpe:2.3:o:fortinet:fortios:7.2.2:::::::* cpe:2.3:o:fortinet:fortios:7.2.1:::::::* cpe:2.3:o:fortinet:fortios:7.2.0:::::::* cpe:2.3:o:fortinet:fortios:7.0.14:::::::* cpe:2.3:o:fortinet:fortios:7.0.13:::::::* cpe:2.3:o:fortinet:fortios:7.0.12:::::::* cpe:2.3:o:fortinet:fortios:7.0.11:::::::* cpe:2.3:o:fortinet:fortios:7.0.10:::::::* cpe:2.3:o:fortinet:fortios:7.0.9:::::::* cpe:2.3:o:fortinet:fortios:7.0.8:::::::* cpe:2.3:o:fortinet:fortios:7.0.7:::::::* cpe:2.3:o:fortinet:fortios:7.0.6:::::::* cpe:2.3:o:fortinet:fortios:7.0.5:::::::* cpe:2.3:o:fortinet:fortios:7.0.4:::::::* cpe:2.3:o:fortinet:fortios:7.0.3:::::::* cpe:2.3:o:fortinet:fortios:7.0.2:::::::* cpe:2.3:o:fortinet:fortios:7.0.1:::::::* cpe:2.3:o:fortinet:fortios:7.0.0:::::::* cpe:2.3:o:fortinet:fortios:6.4.15:::::::* cpe:2.3:o:fortinet:fortios:6.4.14:::::::* cpe:2.3:o:fortinet:fortios:6.4.13:::::::* cpe:2.3:o:fortinet:fortios:6.4.12:::::::* cpe:2.3:o:fortinet:fortios:6.4.11:::::::* cpe:2.3:o:fortinet:fortios:6.4.10:::::::* cpe:2.3:o:fortinet:fortios:6.4.9:::::::* cpe:2.3:o:fortinet:fortios:6.4.8:::::::* cpe:2.3:o:fortinet:fortios:6.4.7:::::::* cpe:2.3:o:fortinet:fortios:6.4.6:::::::* cpe:2.3:o:fortinet:fortios:6.4.5:::::::* cpe:2.3:o:fortinet:fortios:6.4.4:::::::* cpe:2.3:o:fortinet:fortios:6.4.3:::::::* cpe:2.3:o:fortinet:fortios:6.4.2:::::::* cpe:2.3:o:fortinet:fortios:6.4.1:::::::* cpe:2.3:o:fortinet:fortios:6.4.0:::::::* cpe:2.3:o:fortinet:fortios:6.2.16:::::::* cpe:2.3:o:fortinet:fortios:6.2.15:::::::* cpe:2.3:o:fortinet:fortios:6.2.14:::::::* cpe:2.3:o:fortinet:fortios:6.2.13:::::::* cpe:2.3:o:fortinet:fortios:6.2.12:::::::* cpe:2.3:o:fortinet:fortios:6.2.11:::::::* cpe:2.3:o:fortinet:fortios:6.2.10:::::::* cpe:2.3:o:fortinet:fortios:6.2.9:::::::* cpe:2.3:o:fortinet:fortios:6.2.8:::::::* cpe:2.3:o:fortinet:fortios:6.2.7:::::::* cpe:2.3:o:fortinet:fortios:6.2.6:::::::* cpe:2.3:o:fortinet:fortios:6.2.5:::::::* cpe:2.3:o:fortinet:fortios:6.2.4:::::::* cpe:2.3:o:fortinet:fortios:6.2.3:::::::* cpe:2.3:o:fortinet:fortios:6.2.2:::::::* cpe:2.3:o:fortinet:fortios:6.2.1:::::::* cpe:2.3:o:fortinet:fortios:6.2.0:::::::* cpe:2.3:o:fortinet:fortios:6.0.18:::::::* cpe:2.3:o:fortinet:fortios:6.0.17:::::::* cpe:2.3:o:fortinet:fortios:6.0.16:::::::* cpe:2.3:o:fortinet:fortios:6.0.15:::::::* cpe:2.3:o:fortinet:fortios:6.0.14:::::::* cpe:2.3:o:fortinet:fortios:6.0.13:::::::* cpe:2.3:o:fortinet:fortios:6.0.12:::::::* cpe:2.3:o:fortinet:fortios:6.0.11:::::::* cpe:2.3:o:fortinet:fortios:6.0.10:::::::* cpe:2.3:o:fortinet:fortios:6.0.9:::::::* cpe:2.3:o:fortinet:fortios:6.0.8:::::::* cpe:2.3:o:fortinet:fortios:6.0.7:::::::* cpe:2.3:o:fortinet:fortios:6.0.6:::::::* cpe:2.3:o:fortinet:fortios:6.0.5:::::::* cpe:2.3:o:fortinet:fortios:6.0.4:::::::* cpe:2.3:o:fortinet:fortios:6.0.3:::::::* cpe:2.3:o:fortinet:fortios:6.0.2:::::::* cpe:2.3:o:fortinet:fortios:6.0.1:::::::* cpe:2.3:o:fortinet:fortios:6.0.0:::::::*

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-26011",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-13T18:44:31.679521Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-13T18:44:42.785Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "FortiManager",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "7.4.2",
                     status: "affected",
                     version: "7.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.2.4",
                     status: "affected",
                     version: "7.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.0.11",
                     status: "affected",
                     version: "7.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.4.14",
                     status: "affected",
                     version: "6.4.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               cpes: [],
               defaultStatus: "unaffected",
               product: "FortiSwitchManager",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "7.2.3",
                     status: "affected",
                     version: "7.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.0.3",
                     status: "affected",
                     version: "7.0.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "FortiPAM",
               vendor: "Fortinet",
               versions: [
                  {
                     status: "affected",
                     version: "1.2.0",
                  },
                  {
                     lessThanOrEqual: "1.1.2",
                     status: "affected",
                     version: "1.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "1.0.3",
                     status: "affected",
                     version: "1.0.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               cpes: [],
               defaultStatus: "unaffected",
               product: "FortiProxy",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "7.4.2",
                     status: "affected",
                     version: "7.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.2.9",
                     status: "affected",
                     version: "7.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.0.19",
                     status: "affected",
                     version: "7.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "2.0.14",
                     status: "affected",
                     version: "2.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "1.2.13",
                     status: "affected",
                     version: "1.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "1.1.6",
                     status: "affected",
                     version: "1.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "1.0.7",
                     status: "affected",
                     version: "1.0.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               cpes: [],
               defaultStatus: "unaffected",
               product: "FortiPortal",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "6.0.14",
                     status: "affected",
                     version: "6.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "5.3.8",
                     status: "affected",
                     version: "5.3.0",
                     versionType: "semver",
                  },
               ],
            },
            {
               cpes: [
                  "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
                  "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*",
               ],
               defaultStatus: "unaffected",
               product: "FortiOS",
               vendor: "Fortinet",
               versions: [
                  {
                     lessThanOrEqual: "7.4.3",
                     status: "affected",
                     version: "7.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.2.7",
                     status: "affected",
                     version: "7.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "7.0.14",
                     status: "affected",
                     version: "7.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.4.15",
                     status: "affected",
                     version: "6.4.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.2.16",
                     status: "affected",
                     version: "6.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.0.18",
                     status: "affected",
                     version: "6.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:U/RC:C",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-306",
                     description: "Execute unauthorized code or commands",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-12T18:53:56.665Z",
            orgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
            shortName: "fortinet",
         },
         references: [
            {
               name: "https://fortiguard.fortinet.com/psirt/FG-IR-24-032",
               url: "https://fortiguard.fortinet.com/psirt/FG-IR-24-032",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.5 or above \nPlease upgrade to FortiManager version 7.0.12 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \nPlease upgrade to FortiSwitchManager version 7.2.4 or above \nPlease upgrade to FortiSwitchManager version 7.0.4 or above \nPlease upgrade to FortiWeb version 7.6.0 or above \nPlease upgrade to FortiWeb version 7.4.3 or above \nPlease upgrade to FortiPAM version 1.3.0 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiProxy version 7.4.4 or above \nPlease upgrade to FortiProxy version 7.2.10 or above \nPlease upgrade to FortiPortal version 6.0.15 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.4 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiOS version 7.0.15 or above",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
      assignerShortName: "fortinet",
      cveId: "CVE-2024-26011",
      datePublished: "2024-11-12T18:53:56.665Z",
      dateReserved: "2024-02-14T09:18:43.245Z",
      dateUpdated: "2024-11-13T18:44:42.785Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted