#VU102596 Operation on a Resource after Expiration or Release in FortiManager - CVE-2024-47571

Cybersecurity Help s.r.o.

Published: 2025-01-14

Vulnerability identifier: #VU102596

Vulnerability risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-47571

CWE-ID: CWE-672

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FortiManager
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Fortinet, Inc

Description

The vulnerability allows a remote user to gain unauthorized access to the system.

The vulnerability exist due to incorrect handling of removed accounts. A remote administrative user who was deleted through FortiManager can still be able to login to the FortiGate via valid credentials.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

FortiManager: 6.4.0 - 6.4.12, 7.0.0 - 7.0.8, 7.2.0 - 7.2.3, 7.4.0

External links
https://www.fortiguard.com/psirt/FG-IR-24-239

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in FortiManager