CVE-2024-47571

High

Published: 14 January 2025

Published

14 January 2025

Modified

19 March 2025

KEV Added

—

Patch

—

CVSS Score 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0127 79.7th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-47571 is a high-severity Operation on a Resource after Expiration or Release (CWE-672) vulnerability in Fortinet Fortimanager. Its CVSS base score is 8.1 (High).

Operationally, ranked in the top 20.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Remediating the specific flaw in FortiManager by applying Fortinet patches directly prevents attackers from performing operations on expired or released resources to gain improper FortiGate access.

AC-3 Access Enforcement partial match

prevent

Mandates enforcement of approved access authorizations, countering the improper access to FortiGate enabled by the resource expiration vulnerability in FortiManager.

SC-7 Boundary Protection partial match

preventdetect

Monitors and controls network traffic to the vulnerable FortiManager, limiting unauthenticated remote access required to exploit CVE-2024-47571.

NVD Description

An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials.

Deeper analysisAI

CVE-2024-47571 is a vulnerability involving an operation on a resource after its expiration or release (CWE-672) in Fortinet FortiManager versions 6.4.12 through 7.4.0. This flaw enables an attacker to gain improper access to connected FortiGate devices using valid credentials. The vulnerability carries a CVSS v3.1 base score of 8.1 (High), reflecting network accessibility (AV:N), high attack complexity (AC:H), no required privileges (PR:N), no user interaction (UI:N), and unchanged scope (S:U) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

An unauthenticated attacker with network access to the vulnerable FortiManager instance can exploit this issue despite the high complexity requirement. Successful exploitation allows the attacker to leverage valid credentials for improper access to FortiGate firewalls managed by the FortiManager, potentially enabling full compromise of those devices through unauthorized read, modification, or disruption of configurations and operations.

Fortinet's advisory (FG-IR-24-239) at https://fortiguard.fortinet.com/psirt/FG-IR-24-239 provides details on mitigation, including available patches for affected FortiManager versions. Security practitioners should consult this advisory for upgrade instructions and any temporary workarounds.

Details

CWE(s): CWE-672

Affected Products

fortinet

fortimanager

6.4.12, 7.2.3, 7.4.0 · 7.0.7 — 7.0.9

CVEs Like This One

CVE-2025-54820Same product: Fortinet Fortimanager

CVE-2024-33504Same product: Fortinet Fortimanager

CVE-2024-36512Same product: Fortinet Fortimanager

CVE-2024-35277Same product: Fortinet Fortimanager

CVE-2024-46662Same product: Fortinet Fortimanager

CVE-2024-50566Same product: Fortinet Fortimanager

CVE-2024-33502Same product: Fortinet Fortimanager

CVE-2026-22572Same product: Fortinet Fortimanager

CVE-2024-35275Same product: Fortinet Fortimanager

CVE-2024-45331Same product: Fortinet Fortimanager

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-239
Vendor Advisory · psirt@fortinet.com