202411

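NVD CVE API 2.0: look up a CVE record by cveId (requests without an API key are rate-limited, so pace batch lookups)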

% curl "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47575" | jq .
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4878  100  4878    0     0   2318      0  0:00:02  0:00:02 --:--:--  2319
{
  "resultsPerPage": 1,
  "startIndex": 0,
  "totalResults": 1,
  "format": "NVD_CVE",
  "version": "2.0",
  "timestamp": "2024-11-04T11:29:46.623",
  "vulnerabilities": [
    {
      "cve": {
        "id": "CVE-2024-47575",
        "sourceIdentifier": "[email protected]",
        "published": "2024-10-23T15:15:30.707",
        "lastModified": "2024-10-24T18:56:47.930",
        "vulnStatus": "Analyzed",
        "cveTags": [],
        "cisaExploitAdd": "2024-10-23",
        "cisaActionDue": "2024-11-13",
        "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
        "cisaVulnerabilityName": "Fortinet FortiManager Missing Authentication Vulnerability",
        "descriptions": [
          {
            "lang": "en",
            "value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."
          },
          {
            "lang": "es",
            "value": "Una autenticación faltante para una función crítica en FortiManager 7.6.0, FortiManager 7.4.0 a 7.4.4, FortiManager 7.2.0 a 7.2.7, FortiManager 7.0.0 a 7.0.12, FortiManager 6.4.0 a 6.4.14, FortiManager 6.2.0 a 6.2.12, Fortinet FortiManager Cloud 7.4.1 a 7.4.4, FortiManager Cloud 7.2.1 a 7.2.7, FortiManager Cloud 7.0.1 a 7.0.13, FortiManager Cloud 6.4.1 a 6.4.7 permite a un atacante ejecutar código o comandos arbitrarios a través de solicitudes especialmente manipuladas."
          }
        ],
        "metrics": {
          "cvssMetricV31": [
            {
              "source": "[email protected]",
              "type": "Primary",
              "cvssData": {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "attackVector": "NETWORK",
                "attackComplexity": "LOW",
                "privilegesRequired": "NONE",
                "userInteraction": "NONE",
                "scope": "UNCHANGED",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9
            },
            {
              "source": "[email protected]",
              "type": "Secondary",
              "cvssData": {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "attackVector": "NETWORK",
                "attackComplexity": "LOW",
                "privilegesRequired": "NONE",
                "userInteraction": "NONE",
                "scope": "UNCHANGED",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9
            }
          ]
        },
        "weaknesses": [
          {
            "source": "[email protected]",
            "type": "Primary",
            "description": [
              {
                "lang": "en",
                "value": "CWE-306"
              }
            ]
          }
        ],
        "configurations": [
          {
            "nodes": [
              {
                "operator": "OR",
                "negate": false,
                "cpeMatch": [
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "6.2.0",
                    "versionEndExcluding": "6.2.13",
                    "matchCriteriaId": "D7E60883-7F64-4C22-99F9-802A7623DAE0"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "6.4.0",
                    "versionEndExcluding": "6.4.15",
                    "matchCriteriaId": "D2AD66B0-9C99-4F83-80AA-B54E6354ADFD"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "7.0.0",
                    "versionEndExcluding": "7.0.13",
                    "matchCriteriaId": "37456E27-0EE2-4AF8-B92F-A5284FEC0409"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "7.2.0",
                    "versionEndExcluding": "7.2.8",
                    "matchCriteriaId": "01E63E1E-4084-4C73-862F-A4CC07914C23"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "7.4.0",
                    "versionEndExcluding": "7.4.5",
                    "matchCriteriaId": "0666260A-1327-4C43-A841-04FB4459449C"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0141F06A-F5FE-4DF3-B60E-DD76A1AD8A56"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "6.4.1",
                    "versionEndIncluding": "6.4.7",
                    "matchCriteriaId": "5BB52FA5-7811-4123-8989-59369583F82F"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "7.0.1",
                    "versionEndExcluding": "7.0.13",
                    "matchCriteriaId": "29B3A5F2-3121-4902-BBB6-8B4D07767F77"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "7.2.1",
                    "versionEndExcluding": "7.2.8",
                    "matchCriteriaId": "E3A26BF0-DF69-42F6-B9D8-D3BEE3DD352C"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "7.4.1",
                    "versionEndExcluding": "7.4.5",
                    "matchCriteriaId": "6E0BCF26-B311-4FFF-866B-3DCA14A26268"
                  }
                ]
              }
            ]
          }
        ],
        "references": [
          {
            "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423",
            "source": "[email protected]",
            "tags": [
              "Exploit",
              "Mitigation",
              "Vendor Advisory"
            ]
          }
        ]
      }
    }
  ]
}
% cat << EOF | xargs -p -t  -I _ curl -s "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=_" | jq '.vulnerabilities[0].cve.descriptions[]|select(.lang == "en")'
CVE-2024-47575
CVE-2024-9379
EOF

curl -s https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47575?...y
curl -s https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-9379?...y
{
  "lang": "en",
  "value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."
}
{
  "lang": "en",
  "value": "SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements."
}

ss.nb

  • スペクトラム拡散