CVE-2024-48886

Critical

Published: 14 January 2025

Published

14 January 2025

Modified

03 February 2025

KEV Added

—

Patch

—

CVSS Score 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0056 68.3th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-48886 is a critical-severity Weak Authentication (CWE-1390) vulnerability in Fortinet Fortiproxy. Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110); ranked in the top 31.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and IA-5 (Authenticator Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Brute Force (T1110) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-7 Unsuccessful Logon Attempts good match

prevent

AC-7 enforces limits on unsuccessful logon attempts, directly thwarting brute-force attacks that exploit weak authentication to execute unauthorized code.

IA-5 Authenticator Management good match

prevent

IA-5 requires management of authenticators with sufficient strength of mechanism, mitigating brute-force vulnerabilities in weak authentication implementations.

SI-2 Flaw Remediation good match

prevent

SI-2 mandates timely flaw remediation, including patching the specific weak authentication vulnerability described in CVE-2024-48886.

MITRE ATT&CK Enterprise TechniquesAI

T1110 Brute Force Credential Access

Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1078 Valid Accounts Stealth

Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

attack.mitre.org →

Why these techniques?

Weak auth vuln directly enables brute-force (T1110) against public-facing Fortinet services to obtain valid accounts (T1078) and execute code/commands (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through…

7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack.

Deeper analysisAI

CVE-2024-48886 is a weak authentication vulnerability present in several Fortinet products, including FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, and 6.4.0 through 6.4.15; FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, and 2.0.0 through 2.0.14; FortiManager versions 7.6.0 through 7.6.1 and 7.4.1 through 7.4.3; FortiManager Cloud versions 7.4.1 through 7.4.3; and FortiAnalyzer Cloud versions 7.4.1 through 7.4.3. The flaw, associated with CWE-1390 and NVD-CWE-Other, enables attackers to execute unauthorized code or commands through a brute-force attack. It carries a CVSS v3.1 base score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

A remote, unauthenticated attacker can exploit this vulnerability over the network by performing a brute-force attack, which requires high attack complexity but no user interaction. Successful exploitation grants the attacker the ability to execute arbitrary code or commands on the affected system, potentially leading to full compromise given the high impacts on confidentiality, integrity, availability, and changed scope.

Mitigation details and patches are outlined in the Fortinet PSIRT advisory available at https://fortiguard.fortinet.com/psirt/FG-IR-24-221. Security practitioners should consult this reference for version-specific remediation guidance.

Details

CWE(s): CWE-1390 NVD-CWE-Other

Affected Products

fortinet

fortianalyzer

7.4.1 — 7.4.4 · 7.6.0 — 7.6.2

fortinet

fortianalyzer cloud

7.4.1 — 7.4.4

fortinet

fortimanager

7.4.1 — 7.4.4 · 7.6.0 — 7.6.2

fortinet

fortimanager cloud

7.4.1 — 7.4.4

fortinet

fortiproxy

2.0.0 — 2.0.15 · 7.0.0 — 7.0.18 · 7.2.0 — 7.2.11

fortinet

fortios

6.4.0 — 7.0.16 · 7.2.0 — 7.2.9 · 7.4.0 — 7.4.5

CVEs Like This One

CVE-2024-50563Same product: Fortinet Fortianalyzer

CVE-2026-24858Same product: Fortinet Fortianalyzer

CVE-2024-48884Same product: Fortinet Fortimanager

CVE-2025-24472Same product: Fortinet Fortios

CVE-2024-55591Same product: Fortinet Fortios

CVE-2024-26006Same product: Fortinet Fortios

CVE-2024-45324Same product: Fortinet Fortios

CVE-2025-59718Same product: Fortinet Fortios

CVE-2025-53847Same product: Fortinet Fortios

CVE-2025-25249Same product: Fortinet Fortios

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-221
Vendor Advisory · psirt@fortinet.com