VYPR
Unrated severity · NVD Advisory · Published Apr 8, 2025 · Updated Apr 8, 2025

CVE-2024-50565

Description

An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server and/or, in certain conditions, FortiManager) by intercepting the FGFM authentication request between the management device and the managed device.

Affected products

10
  • Fortinet/Fortivoice · v5 · 2 versions
    cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:* range: 7.0.0
    • (no CPE) range: 7.0.0 through 7.0.2, 6.4.0 through 6.4.8, 6.0.0 through 6.0.12
  • cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:* range: 7.4.0
    • (no CPE) range: 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, 6.2.0 through 6.2.13
  • Fortinet/Fortios · v5 · 2 versions
    cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:* range: 7.4.0
    • (no CPE) range: 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16
  • Fortinet/Fortiweb · llm-fuzzy · 2 versions
    7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 + 1 more
    • (no CPE) range: 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10
    • (no CPE) range: 7.4.0
  • Range: 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.14
  • Range: 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, 6.2.0 through 6.2.13
