Cyber Resilience

CVE-2024-47575

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 23 October 2024
Modified: 24 October 2025
KEV added: 23 October 2024
CVSS v3.1 score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.9387 (99.9th percentile)
Risk priority: 96 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-47575 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Fortinet FortiManager. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood (EPSS); CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2024-47575 is a missing authentication for critical function vulnerability (CWE-306) affecting FortiManager 7.6.0, 7.4.0-7.4.4, 7.2.0-7.2.7, 7.0.0-7.0.12, 6.4.0-6.4.14, and 6.2.0-6.2.12, along with FortiManager Cloud 7.4.1-7.4.4, 7.2.1-7.2.7, 7.0.1-7.0.12, and 6.4.1-6.4.7. It carries a CVSS 3.1 score of 9.8 and allows unauthenticated remote attackers to execute arbitrary code or commands via specially crafted requests.

An attacker with network access can exploit the flaw without credentials or user interaction to run arbitrary commands on the FortiManager instance, resulting in full compromise of the management platform and any connected devices under its control.

Fortinet's advisory FG-IR-24-423 addresses the issue, while CISA lists the CVE in its Known Exploited Vulnerabilities catalog. The EPSS score is currently 0.9387 with a peak of 0.9393.

Vulnerability details

A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows an attacker to execute arbitrary code or commands via specially crafted requests.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: fortinet
Product: fortimanager
Versions: 7.6.0 · 6.2.0 to 6.2.13 · 6.4.0 to 6.4.15 · 7.0.0 to 7.0.13

Vendor: fortinet
Product: fortimanager cloud
Versions: 6.4.1 to 6.4.7 · 7.0.1 to 7.0.13 · 7.2.1 to 7.2.8

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement
prevent

Directly enforces authentication and access policy on critical FortiManager functions so that specially crafted requests cannot succeed without credentials.

IA-2 Identification and Authentication (Organizational Users)
prevent

Requires unique identification and authentication of every user (or process) before any management-plane action is permitted, eliminating the unauthenticated code-execution path.

AC-17 Remote Access (partial match)
prevent

Mandates authenticated, authorized, and monitored remote access to the FortiManager appliance, blocking the network-based unauthenticated exploitation described in the CVE.

References