Details of VAR-202504-3035

ID

VAR-202504-3035

CVE

CVE-2024-50565

TITLE

Multiple Fortinet products vulnerable to man-in-the-middle issues

Trust: 0.8

sources: JVNDB: JVNDB-2024-026506

DESCRIPTION

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device. Fortiweb , FortiVoice , FortiProxy Several Fortinet products, including the above, are vulnerable to man-in-the-middle issues.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-50565 // JVNDB: JVNDB-2024-026506

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortios	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.2.9	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	lt	version:	7.4.3	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	lt	version:	6.2.14	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	lt	version:	7.4.3	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.4.3	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	lt	version:	7.0.12	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortiweb	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	7.4.3	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	lt	version:	6.4.9	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	lt	version:	7.0.3	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	6.2.14	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.0.16	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	7.0.12	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	lt	version:	6.4.15	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	lt	version:	7.2.5	Trust: 1.0
vendor:	fortinet	model:	fortivoice	scope:	gte	version:	6.0.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.2.10	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	6.4.15	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	gte	version:	7.2.0	Trust: 1.0
vendor:	fortinet	model:	fortimanager	scope:	lt	version:	7.2.5	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortiproxy	scope:	lt	version:	7.0.16	Trust: 1.0
vendor:	fortinet	model:	fortianalyzer	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortios	scope:	lt	version:	7.4.5	Trust: 1.0
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	6.4.0 that's all 7.0.16	Trust: 0.8
vendor:	フォーティネット	model:	fortimanager	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortivoice	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiweb	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortiproxy	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortianalyzer	scope:	-	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	7.4.0 that's all 7.4.5	Trust: 0.8
vendor:	フォーティネット	model:	fortios	scope:	eq	version:	7.2.0 that's all 7.2.9	Trust: 0.8

sources: JVNDB: JVNDB-2024-026506 // NVD: CVE-2024-50565

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com:	CVE-2024-50565
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2024-50565
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-50565
value:	HIGH
Trust: 0.8

psirt@fortinet.com:	CVE-2024-50565
baseSeverity:	LOW
baseScore:	3.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	1.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-50565
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2024-50565
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-026506 // NVD: CVE-2024-50565 // NVD: CVE-2024-50565

PROBLEMTYPE DATA

problemtype:	CWE-300	Trust: 1.0
problemtype:	man-in-the-middle problem (CWE-300) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-026506 // NVD: CVE-2024-50565

PATCH

title:

FG-IR-24-046

url:

https://fortiguard.fortinet.com/psirt/FG-IR-24-046

Trust: 0.8

sources: JVNDB: JVNDB-2024-026506

EXTERNAL IDS

db:	NVD	id:	CVE-2024-50565	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-026506	Trust: 0.8

sources: JVNDB: JVNDB-2024-026506 // NVD: CVE-2024-50565

REFERENCES

url:	https://fortiguard.fortinet.com/psirt/fg-ir-24-046	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-50565	Trust: 0.8

sources: JVNDB: JVNDB-2024-026506 // NVD: CVE-2024-50565

SOURCES

db:	JVNDB	id:	JVNDB-2024-026506
db:	NVD	id:	CVE-2024-50565

LAST UPDATE DATE

2025-07-29T23:10:15.181000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-026506	date:	2025-07-28T07:44:00
db:	NVD	id:	CVE-2024-50565	date:	2025-07-25T15:22:38.540

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-026506	date:	2025-07-28T00:00:00
db:	NVD	id:	CVE-2024-50565	date:	2025-04-08T14:15:31.920