CVE-2024-21757

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 13, 2024
Updated: Aug 22, 2024
CWE ID 620

Summary

CVE-2024-21757 is a vulnerability affecting Fortinet FortiManager and FortiAnalyzer. An unauthenticated attacker can exploit this issue by modifying admin passwords through the device configuration backup. FortiManager versions 7.0.0 through 7.0.10, 7.2.0 through 7.2.4, and 7.4.0 through 7.4.1, and the corresponding versions of FortiAnalyzer, are impacted. This vulnerability poses a significant risk, as an attacker who gains access to these systems with administrative privileges can cause extensive damage. Fortinet has released patches to address this issue, and administrators are urged to apply them promptly to mitigate the threat.

Affected Products

  • FortiManager
  • FortiAnalyzer

Affected Vendors

  • Fortinet