Cyber Posture

CVE-2024-50563

Severity: High
Published: 16 January 2025
Modified: 24 September 2025
KEV Added: not listed
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0029 (52.3rd percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-50563 is a high-severity Weak Authentication (CWE-1390) vulnerability in Fortinet FortiAnalyzer (and related FortiManager products, see the affected product list below). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Brute Force (T1110). The CVE ranks in the top 47.7% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and IA-5 (Authenticator Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Brute Force (T1110) and one other technique, Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

AC-7 (Unsuccessful Logon Attempts), prevent: directly prevents brute-force attacks by enforcing limits on consecutive unsuccessful logon attempts against the weak authentication mechanism.

IA-5 (Authenticator Management), prevent: ensures authenticators are managed with sufficient strength, complexity, and lifecycle controls to resist brute-force guessing in weak authentication implementations.

Flaw remediation (control identifier not given on this page), prevent: mandates timely flaw remediation, directly addressing the weak authentication vulnerability exploitable via brute force to prevent unauthorized code execution.

MITRE ATT&CK Enterprise Techniques

T1110 Brute Force (Credential Access): adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.

T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Direct mapping to brute-force exploitation of weak authentication for remote code execution on public-facing Fortinet appliances.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to execute unauthorized code or commands via a brute-force attack.

Deeper analysis

CVE-2024-50563 is a weak authentication vulnerability affecting multiple Fortinet products, including FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1 and 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1 and 7.4.1 through 7.4.3, and FortiManager Cloud versions 7.4.1 through 7.4.3. The flaw, associated with CWE-1390 and NVD-CWE-Other, enables attackers to execute unauthorized code or commands through a brute-force attack. It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites.

An unauthenticated remote attacker can exploit this vulnerability by performing a brute-force attack against the weak authentication mechanism. Successful exploitation grants the ability to execute arbitrary code or commands on the affected systems; the CVSS vector rates the resulting confidentiality, integrity, and availability impacts as limited (C:L/I:L/A:L).

For mitigation details, refer to the Fortinet product security incident response team advisory at https://fortiguard.fortinet.com/psirt/FG-IR-24-221.

Details

CWE(s)

CWE-1390 (Weak Authentication); NVD-CWE-Other

Affected Products

Fortinet FortiAnalyzer: 7.4.1 to 7.4.4, 7.6.0 to 7.6.2
Fortinet FortiAnalyzer Cloud: 7.4.1 to 7.4.4
Fortinet FortiManager: 7.4.1 to 7.4.4, 7.6.0 to 7.6.2
Fortinet FortiManager Cloud: 7.4.1 to 7.4.4

Note: these ranges end one release later than the NVD description's "through 7.4.3" and "through 7.6.1", consistent with an exclusive upper bound; when checking an installed build, treat 7.4.4 and 7.6.2 as the first unaffected releases and confirm against the Fortinet advisory linked above.

CVEs Like This One

CVE-2024-48886 (same product: Fortinet FortiAnalyzer)
CVE-2025-61848 (same product: Fortinet FortiAnalyzer)
CVE-2024-35275 (same product: Fortinet FortiAnalyzer)
CVE-2024-45331 (same product: Fortinet FortiAnalyzer)
CVE-2025-68648 (same product: Fortinet FortiAnalyzer)
CVE-2024-35273 (same product: Fortinet FortiAnalyzer)
CVE-2024-33503 (same product: Fortinet FortiAnalyzer)
CVE-2025-48418 (same product: Fortinet FortiAnalyzer)
CVE-2024-35276 (same product: Fortinet FortiAnalyzer)
CVE-2026-22572 (same product: Fortinet FortiAnalyzer)
