Category: Fortinet
- Fortinet security vulnerability (CVE-2025-24472)
CVE-2025-24472 is an authentication bypass vulnerability identified in Fortinet’s FortiOS and FortiProxy products. This flaw allows a remote attacker to gain super-admin privileges by sending specially crafted CSF proxy requests. Affected Versions: Severity: The vulnerability has been assigned a CVSS v3.1 base score of 8.1, categorizing it as ‘High’ severity. Mitigation: Fortinet has addressed this…
- Fortinet FortiManager security vulnerability (CVE-2024-48889)
CVE-2024-48889 is an OS Command Injection vulnerability (CWE-78) identified in Fortinet’s FortiManager and FortiManager Cloud products. This flaw allows an authenticated remote attacker to execute unauthorized code or commands by sending specially crafted FGFM (FortiGate to FortiManager) requests. Affected Versions: Additionally, older FortiAnalyzer models (1000E, 1000F, 2000E, 3000E, 3000F, 3000G, 3500E, 3500F, 3500G, 3700F, 3700G,…
- Fortinet FortiManager zero-day vulnerability (CVE-2024-47575)
CVE-2024-47575 is a critical zero-day vulnerability identified in Fortinet’s FortiManager, primarily due to missing authentication checks on a critical function in its fgfmd daemon. Rated with a CVSS score of 9.8, the flaw enables unauthenticated remote attackers to execute arbitrary code or commands on vulnerable devices through specially crafted requests. Fortinet has reported active exploitation…