VDB
CVE-2024-35277
CVE-2024-35277
PUBLISHED
Es existiert eine Schwachstelle in Fortinet FortiManager. Diese besteht aufgrund einer fehlenden Authentifizierung für kritische Funktionen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Konfiguration aller verwalteten Geräte zu extrahieren.
EPSS 0.27% · 50.7th percentile
Risk Scores
EPSS Score
0.27%
50.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortinet FortiManager <6.4.13 | |
| Fortinet | Fortinet FortiManager <7.2.4 | |
| Fortinet | Fortinet FortiManager <7.0.9 | |
| Fortinet | Fortinet FortiManager <7.4.1 | |
| Fortinet | Fortinet FortiManager <6.4.15 | |
| Fortinet | Fortinet FortiManager <7.0.13 | |
| Fortinet | Fortinet FortiManager <7.4.3 | |
| Fortinet | Fortinet FortiManager <7.2.6 |
Exploit Intelligence
Timeline
- Jan 14, 2025 CVE Published
- Jan 15, 2025 EPSS Score
- Jan 15, 2025 CVE Updated
- Jan 31, 2025 EPSS Score
- Feb 2, 2025 Coalition ESS Score
- Feb 15, 2025 EPSS Score
- Mar 3, 2025 EPSS Score
- Mar 18, 2025 EPSS Score
- Apr 3, 2025 EPSS Score
- Apr 18, 2025 EPSS Score
- Apr 28, 2025 PoC Published
- May 4, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0087.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0087 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-097 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-135 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-222 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-239 advisory
- https://www.fortiguard.com/psirt/FG-IR-24-463 advisory