CVE-2024-50563

critical

Description

A Weak Authentication vulnerability [CWE-1390] in the csfd daemon of FortiOS, FortiPAM and FortiProxy may allow an unauthenticated attacker with access to the Security Fabric interface and port to brute-force the authentication process in the Security Fabric protocol and take control of the devices of the Fabric. A Weak Authentication vulnerability [CWE-1390] of the same nature in the FortiManager csfd daemon may allow an unauthenticated attacker with access to the Security Fabric interface and port to bypass the authentication process and access a restricted list of features.

Details

Source: Mitre, NVD

Published: 2025-01-14

Risk Information

CVSS v2

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical