Wiz
Vulnerability DatabaseCVE-2024-48886

CVE-2024-48886
FortiOS vulnerability analysis and mitigation

Overview

A weak authentication vulnerability (CWE-1390) was discovered in Fortinet's csfd daemon affecting multiple products including FortiOS, FortiProxy, FortiManager, and FortiAnalyzer Cloud. The vulnerability was internally discovered and initially published on January 14, 2025. The affected products include various versions of FortiOS (7.4.0-7.4.4, 7.2.0-7.2.8, 7.0.0-7.0.15, 6.4.x), FortiProxy (7.4.0-7.4.4, 7.2.0-7.2.10, 7.0.0-7.0.17, 2.0.0-2.0.14), FortiManager (7.6.0-7.6.1, 7.4.1-7.4.3), and FortiAnalyzer Cloud (7.4.1-7.4.3). The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical) by NIST (NVD).

Technical details

The vulnerability exists in the Security Fabric interface's authentication mechanism within the csfd daemon. An unauthenticated attacker with access to the Security Fabric interface and port can potentially bruteforce the authentication process in the Security Fabric protocol. In FortiManager's csfd daemon, the vulnerability could allow an attacker to bypass the authentication process entirely and access a restricted list of features. The severity is rated as Critical with a CVSS v3.1 base score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) according to NIST's assessment (NVD).

Impact

If successfully exploited, this vulnerability allows attackers to execute unauthorized code or commands. For FortiOS, FortiPAM, and FortiProxy, attackers could potentially take control of the devices within the Security Fabric. In the case of FortiManager, attackers could gain access to a restricted set of features (Fortinet Advisory).

Mitigation and workarounds

Fortinet has released security patches for all affected products and versions. Users are advised to upgrade to the following versions: FortiOS (7.4.5, 7.2.9, 7.0.16), FortiProxy (7.4.5, 7.2.11, 7.0.18, 2.0.15), FortiManager (7.6.2, 7.4.4), and FortiAnalyzer Cloud (7.4.4). As temporary workarounds, users can either choose a strong password (minimum 20 characters, randomly generated) for the group-password field in the config system csf CLI command, or disable the security fabric using the command 'config system csf set status disable' (Fortinet Advisory).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo