Primary

Context

Fortinet FortiOS, FortiProxy, FortiManager, and FortiAnalyzer Cloud Weak Authentication Vulnerability Allowing Unauthorized Code Execution

Vulnerability

A vulnerability exists in Fortinet FortiOS (versions 7.4.0 to 7.4.4, 7.2.0 to 7.2.8, 7.0.0 to 7.0.15, 6.4.0 to 6.4.15), FortiProxy (versions 7.4.0 to 7.4.4, 7.2.0 to 7.2.10, 7.0.0 to 7.0.17, 2.0.0 to 2.0.14), FortiManager (versions 7.6.0 to 7.6.1, 7.4.1 to 7.4.3) and FortiAnalyzer Cloud (versions 7.4.1 to 7.4.3). The vulnerability arises from weak authentication, allowing attackers to execute unauthorized code or commands through brute-force attacks.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution or command execution on the affected device.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

7.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

7.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiOS, FortiProxy, FortiManager, and FortiAnalyzer Cloud Weak Authentication Vulnerability Allowing Unauthorized Code Execution

Vulnerability

Impact

Affected Products

Fortinet FortiOS

Fortinet FortiProxy

Fortinet FortiManager

Fortinet FortiManager Cloud

Fortinet FortiAnalyzer Cloud

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating