CVE-2024-21757

CVE Database · CVE-2024-21757

CVE-2024-21757

· MEDIUMAnalyzed

CVSS v3.1

6.1

EPSS

0.19%

Published

Aug 13, 2024

Modified

Aug 22, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Weaknesses (CWE)

CWE-620

Affected Products (6)

fortinet · fortianalyzer (up to 7.0.11)vulnerable

fortinet · fortianalyzer (up to 7.2.5)vulnerable

fortinet · fortianalyzer (up to 7.4.2)vulnerable

fortinet · fortimanager (up to 7.0.11)vulnerable

fortinet · fortimanager (up to 7.2.5)vulnerable

fortinet · fortimanager (up to 7.4.2)vulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-23-467

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs