Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2024-47575
PUBLISHED
- Vendor: Fortinet
- Product: FortiManager
- Published: Oct 23, 2024
- EPSS: —
Description
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows an attacker to execute arbitrary code or commands via specially crafted requests.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C
SSVC decision points
- Exploitation: active
- Automatable: No
- Technical impact: total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Oct 23, 2024 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/fortimanager_rce_cve_2024_47575.rb | Apr 28, 2025 |
| Nessus | https://www.tenable.com/plugins/nessus/209559 | Oct 23, 2024 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-11-07 21:03:30 UTC · 86 stars
Fortinet Fortimanager Unauthenticated Remote Code Execution AKA FortiJump CVE-2024-47575
Timeline
- CVE ID Reserved
- Added to KEVIntel
- CVE Published to Public
- Detected by Nessus
- Proof of Concept Exploit Available
- Detected by Metasploit